General
Target: f626b79602eb4ab88c08eca8b2634847d0ea48ce03f08c78cb828655f252c734
Size: 88KB
Sample: 221123-pww4hacd55
MD5: ecfffac1d30e19d63d6b432a07f0a45d
SHA1: 2b2448a47abc3904cc68c40d9b9caad52d1c06cb
SHA256: f626b79602eb4ab88c08eca8b2634847d0ea48ce03f08c78cb828655f252c734
SHA512: 15bf563a16f56c04dd1c4161561235f792b0d00b31468c161b684347ce863bfddd090e80586e4d9f8655c7d7b19d8e32b12c8135554160ee964b2a29358b2b3e
SSDEEP: 768:yNjV5mQQcLcQ33CmY7dXYY+kWzH9SE/mO5ge6EqIPrcGpORnMYMjo5V0UU6D4Wcv:yJ2ILDCeYXSH26LzrcG9Y5P0WcHOjk

Static task: static1

Behavioral task: behavioral1
Sample: f626b79602eb4ab88c08eca8b2634847d0ea48ce03f08c78cb828655f252c734.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: f626b79602eb4ab88c08eca8b2634847d0ea48ce03f08c78cb828655f252c734.exe
Resource: win10v2004-20220812-en
Malware Config

Targets
Target: f626b79602eb4ab88c08eca8b2634847d0ea48ce03f08c78cb828655f252c734
Score: 8/10

- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext