General
-
Target
41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f
-
Size
296KB
-
Sample
221123-lxqfkace73
-
MD5
3d7a5b83b6c8fdd5df34cbb0d23483de
-
SHA1
e774dc8e30008338844f096c6ade70e2c092052d
-
SHA256
41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f
-
SHA512
804a888abd4982913cc1c1e1585040fb6be47c1ca37b5be9eb6c52d6c419c038dfaf18f670e1fa942f2f316fac49e4e613beb39a4a54d21d6df7371bb5947182
-
SSDEEP
6144:Nnh4rMUW2f5mn4cwBPQD4od7FwDvKbrAGeGYiRqVVc67HJz:zf1o2faKbrAGeuRqVCqF
Static task
static1
Behavioral task
behavioral1
Sample
41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f
Score
10/10
-
Modifies firewall policy service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext