General
-
Target
25235495fd6c467c26f70e23514035d884fa169cb7a0a4d60548364f7718aa8a
-
Size
116KB
-
Sample
221123-m9me4sgb77
-
MD5
7fdf1177ae26859ce367d4cd76a712d1
-
SHA1
3410dbe2e502ccd791b05bb919bc2814d1275bca
-
SHA256
25235495fd6c467c26f70e23514035d884fa169cb7a0a4d60548364f7718aa8a
-
SHA512
a4ea6c2dcc05e72ec62b4c8c98b9560e1608e447cb36cb7e6a15cf7a36044bae3cbaea6f7daac56ee8f757e1e08c98ccc8f5fb9fb7d6431f38d2c3c7c361a88c
-
SSDEEP
3072:gtuA/sk2uoYzVzSeQ7fFcO73V+cQhkv3NhF:gtTogSztD738cQhQ9hF
Static task
static1
Behavioral task
behavioral1
Sample
25235495fd6c467c26f70e23514035d884fa169cb7a0a4d60548364f7718aa8a.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
25235495fd6c467c26f70e23514035d884fa169cb7a0a4d60548364f7718aa8a.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
25235495fd6c467c26f70e23514035d884fa169cb7a0a4d60548364f7718aa8a
-
Size
116KB
-
MD5
7fdf1177ae26859ce367d4cd76a712d1
-
SHA1
3410dbe2e502ccd791b05bb919bc2814d1275bca
-
SHA256
25235495fd6c467c26f70e23514035d884fa169cb7a0a4d60548364f7718aa8a
-
SHA512
a4ea6c2dcc05e72ec62b4c8c98b9560e1608e447cb36cb7e6a15cf7a36044bae3cbaea6f7daac56ee8f757e1e08c98ccc8f5fb9fb7d6431f38d2c3c7c361a88c
-
SSDEEP
3072:gtuA/sk2uoYzVzSeQ7fFcO73V+cQhkv3NhF:gtTogSztD738cQhQ9hF
Score10/10-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-