General
- Target: bbdf6022d12ea88e1fad8b6806e5353b407a12cac98b82e3742a6b6aef43d0a8
- Size: 850KB
- Sample: 220930-y65ytsefg8
- MD5: 617935448c3a5753762ac8c59d002b09
- SHA1: 547c265e6940de4eaa9b756f3eabd44e5945b8aa
- SHA256: bbdf6022d12ea88e1fad8b6806e5353b407a12cac98b82e3742a6b6aef43d0a8
- SHA512: 88dfba3cc824a0430b14962395d0f5ed93eb559e077d9162b1d4577d1f8a1e2110a9e87b2e5eb928560f4f087964d923644b120c1b384b43f232c2b1ca6245de
- SSDEEP: 6144:5tvrVv35gx/v6TTBgU5dsbopjLn5i2Lm8pbu5n+QKyX37RodENtQsEb8bKQdh/zH:HpvJKOdsKjL33e7RodvB5
Static task: static1
Behavioral task: behavioral1
Sample: bbdf6022d12ea88e1fad8b6806e5353b407a12cac98b82e3742a6b6aef43d0a8.exe
Resource: win7-20220812-en
Malware Config
Targets
- Detects Phoenix Miner Payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext