General
-
Target
tmp
-
Size
1.7MB
-
Sample
220927-zk1mnaffdk
-
MD5
47d2d449ec519d7d24feafff8088735f
-
SHA1
75fd74fffc8a9da0ef33dce2a616fd2424e41b86
-
SHA256
1063141a71a9f3b788d4be37ff25d52cb29f7ec8105fbd8b90129073e78cd033
-
SHA512
9fd8f13e6fc0ddf3cd69eb23f5fd9982b1f9f2f361b4b37de445bceea18860bdf8ca9ef546302d927b8ad749f48789ff51fe4797a69106a82921e275b5ada08b
-
SSDEEP
24576:Bn1MHQ7hZjEnBmMYYsB3J0zNMESsm/r8REOuPOEkU1johR:1NZjEnBmMAJGNusYr8REOuP3kUZohR
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
tmp
-
Size
1.7MB
-
MD5
47d2d449ec519d7d24feafff8088735f
-
SHA1
75fd74fffc8a9da0ef33dce2a616fd2424e41b86
-
SHA256
1063141a71a9f3b788d4be37ff25d52cb29f7ec8105fbd8b90129073e78cd033
-
SHA512
9fd8f13e6fc0ddf3cd69eb23f5fd9982b1f9f2f361b4b37de445bceea18860bdf8ca9ef546302d927b8ad749f48789ff51fe4797a69106a82921e275b5ada08b
-
SSDEEP
24576:Bn1MHQ7hZjEnBmMYYsB3J0zNMESsm/r8REOuPOEkU1johR:1NZjEnBmMAJGNusYr8REOuP3kUZohR
Score10/10-
Modifies WinLogon for persistence
-
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-