General
Target: d026b0f1bfa1ea1bc142695477450d6bd4c10e6d7cdbff1d4e8abaad8f04b6c1
Size: 380KB
Sample: 221118-27l4wsgc8s
MD5: e91e8a603108c29db5d1a1ba1c8123fd
SHA1: e609bf5881c00aa4c325a2250407d0d8b254e04c
SHA256: d026b0f1bfa1ea1bc142695477450d6bd4c10e6d7cdbff1d4e8abaad8f04b6c1
SHA512: 2d0c23f0a9cc784820291595816ec49a9f12d3b4bdd5cc569f56810d1766fb73b9a1a8ece293210678d03ebe8d3413bb9ebc7ae9eb757588345bebcd4e8abff7
SSDEEP: 6144:x/QiQXCWkm+ksmpk3U9j0IV/OGBfj/WUplm6zIOYQNd28pTXdAmpCLVRZoglM7LT:pQi3WP6m6UR0IV/lL//plmW9bTXeVhD4
Static task: static1
Behavioral task: behavioral1
Sample: d026b0f1bfa1ea1bc142695477450d6bd4c10e6d7cdbff1d4e8abaad8f04b6c1.exe
Resource: win10v2004-20220812-en

Malware Config
Extracted: nymaim
45.139.105.171
85.31.46.167
Targets
Target: d026b0f1bfa1ea1bc142695477450d6bd4c10e6d7cdbff1d4e8abaad8f04b6c1
Size: 380KB
Score: 10/10

- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2