General
-
Target
65979a248b58e81cc8898a678220c4c89510fedd237ce7f850525efab342b13d
-
Size
254KB
-
Sample
221011-k9176afgc4
-
MD5
6d9204abe4f53ebfeb0fe8a7ab60744e
-
SHA1
b353a9cec76f09f2b2673da176234fcc1f549b03
-
SHA256
65979a248b58e81cc8898a678220c4c89510fedd237ce7f850525efab342b13d
-
SHA512
02210383d7aaaade53c8d6193370ff8889b05597dbbc3130759d2953dbd9302cf12e4e69a411963a79097caf810348e8283a447d84c9a3b0f26a9ef207e3a7d7
-
SSDEEP
6144:pf5yZ/ka76g6waedizy5YUFJL7UVKkjIwNz74pZDR1PpNSvL:pEkaZXjYwLaUkUppnpNSvL
Static task
static1
Behavioral task
behavioral1
Sample
65979a248b58e81cc8898a678220c4c89510fedd237ce7f850525efab342b13d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
65979a248b58e81cc8898a678220c4c89510fedd237ce7f850525efab342b13d.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
65979a248b58e81cc8898a678220c4c89510fedd237ce7f850525efab342b13d
-
Size
254KB
-
MD5
6d9204abe4f53ebfeb0fe8a7ab60744e
-
SHA1
b353a9cec76f09f2b2673da176234fcc1f549b03
-
SHA256
65979a248b58e81cc8898a678220c4c89510fedd237ce7f850525efab342b13d
-
SHA512
02210383d7aaaade53c8d6193370ff8889b05597dbbc3130759d2953dbd9302cf12e4e69a411963a79097caf810348e8283a447d84c9a3b0f26a9ef207e3a7d7
-
SSDEEP
6144:pf5yZ/ka76g6waedizy5YUFJL7UVKkjIwNz74pZDR1PpNSvL:pEkaZXjYwLaUkUppnpNSvL
Score10/10-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-