General
- Target: 776735ffea7808b49399710d75968d191829b6403670257467e340ea83aed89b
- Size: 802KB
- Sample: 220930-y6xbpaffep
- MD5: dfa611cd9978c8099282d698d8ed4dc7
- SHA1: 0aa3b51130d24e43ff7b6146c02bc517f78da12d
- SHA256: 776735ffea7808b49399710d75968d191829b6403670257467e340ea83aed89b
- SHA512: 93284d4b7d4bdeba22404d2521bb94f446f5838e8bc1cda34dfdb838dadefaab9dc0f32ee9235571c02572dec4f56869f1a11851d3fd3f4fd510fb0c7f1ff30f
- SSDEEP: 24576:82G/nvxW3WdmsuTwueIzi6c4zjJwBnyW2ZCh5XXAhx:8bA3lsu0ueLgz6QW8Cyx
Static task: static1
Behavioral task: behavioral1
- Sample: 776735ffea7808b49399710d75968d191829b6403670257467e340ea83aed89b.exe
- Resource: win7-20220812-en
Malware Config
Targets
- Detects Phoenix Miner Payload
- XMRig Miner payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely geofencing.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThread (HideFromDebugger)
- Suspicious use of SetThreadContext