General
-
Target
BUFF TEST VERS.rar
-
Size
2.0MB
-
Sample
220924-v1emxabfg5
-
MD5
b0d5b51c5b5526e76f0771c350a821cd
-
SHA1
326e402d16cceb90c3b9b86174904a1de7eacb73
-
SHA256
f5a8f1abc7bd17df3d9ab0e2b1d43c8ab286b3277eef339918a406652f45470b
-
SHA512
1c325bd9100ab2f138257d4f8297ce8cf40dd99abef28656339f28af3f0b0c05111412899d38f59ad250033a2b4af4ee6a37ab2fe4a6909f89eb9d2aaa58f2a0
-
SSDEEP
49152:VLxMtQmIZELV7/mKGrsOtPpMEF9qwU17Tq4GU5IymfberG2ldo:ViimIs7/mKisF7+4nIfzoGAo
Static task
static1
Behavioral task
behavioral1
Sample
BUFF 12H.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
BUFF 12H.exe
-
Size
2.0MB
-
MD5
44e757e4e2e6aba07865e5c42028f8c2
-
SHA1
6399afb3b981c9ce457b81326dd3f79ddef081f0
-
SHA256
5533c744f6f07c674ddf759b37acb92e6cecea77bdc9f9658166520f6c47de6f
-
SHA512
e3da98f211f87bf6369eeb5245aea5a69bfa16e868c787f86e70776b96787059bb1fb0f22082f8653a2a257e50bd4f7d4a75fb17ea010e8a89862fd999485fbd
-
SSDEEP
49152:h4XjTHzNmGid9ZiYioAykudfgzTlQNoYP1LZI2m0PZk+aJL0jRBtD8j:hGTNKJi5eTNoYPxdm+k+aJL4RB18j
-
XMRig Miner payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-