General
-
Target
e52686afa294deeb54086ecaedaa073a6a95d4df0d8b7810185cd664c773be55
-
Size
710KB
-
Sample
221123-p3g8xsch46
-
MD5
b41be72917631662b809a97398b1cc2f
-
SHA1
86ffe8c475013335a595e45e61555d218c83ed6c
-
SHA256
e52686afa294deeb54086ecaedaa073a6a95d4df0d8b7810185cd664c773be55
-
SHA512
e6bd8298c1df98ca1d2954d419032d559afd17e55f82dcc9840114c7f8a0bb85b1eb74f84d832b172a4ba59f32fe1770db4419909fb73e83a96dacd3a79b8b39
-
SSDEEP
12288:8CcefLVxfez9WRoEwnHKMrMCFJEHylS43u6Zmpin3J:wQLV8zcRoTjw+JFsin
Static task
static1
Behavioral task
behavioral1
Sample
e52686afa294deeb54086ecaedaa073a6a95d4df0d8b7810185cd664c773be55.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
e52686afa294deeb54086ecaedaa073a6a95d4df0d8b7810185cd664c773be55.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Target
e52686afa294deeb54086ecaedaa073a6a95d4df0d8b7810185cd664c773be55
-
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-