General
-
Target
1fda9586fa891aee06c7da4e253cf20b0fc8ea7494eb87992a69f55ea13886c8
-
Size
81KB
-
Sample
221107-r6bawscce2
-
MD5
0ebdde839329798d2281ae7008080c48
-
SHA1
a9c721b00ce88f6f69a67ebc905e87e9d0d29939
-
SHA256
1fda9586fa891aee06c7da4e253cf20b0fc8ea7494eb87992a69f55ea13886c8
-
SHA512
27dcc06824dd3473866a35ec6681c3b4de69d94ecbc724e0337819aa7de50123bdd87243a2c299661ad8a7bf698b94ffca348d55848d8454548f512f47a45e9b
-
SSDEEP
1536:ZUb3GPcHwFu6l2d46f5oEZITHy1DeUFOL0KoSgTxciOSGzbZMEc:Ii5uI2dpf5oEQ8erLZgtcRu
Malware Config
Targets
-
-
Target
1fda9586fa891aee06c7da4e253cf20b0fc8ea7494eb87992a69f55ea13886c8
-
Size
81KB
-
MD5
0ebdde839329798d2281ae7008080c48
-
SHA1
a9c721b00ce88f6f69a67ebc905e87e9d0d29939
-
SHA256
1fda9586fa891aee06c7da4e253cf20b0fc8ea7494eb87992a69f55ea13886c8
-
SHA512
27dcc06824dd3473866a35ec6681c3b4de69d94ecbc724e0337819aa7de50123bdd87243a2c299661ad8a7bf698b94ffca348d55848d8454548f512f47a45e9b
-
SSDEEP
1536:ZUb3GPcHwFu6l2d46f5oEZITHy1DeUFOL0KoSgTxciOSGzbZMEc:Ii5uI2dpf5oEQ8erLZgtcRu
Score8/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-