General
-
Target
ffc961c73149fae4c1abc94f066190b77f8c20f5c5c21bbcc0ae0da0d11c9406
-
Size
163KB
-
Sample
221123-vqxezahf98
-
MD5
2ad25d81e8d455471a4f9f803acd02ce
-
SHA1
0580f084f662cf2b79896eceec2cc57e44e95507
-
SHA256
ffc961c73149fae4c1abc94f066190b77f8c20f5c5c21bbcc0ae0da0d11c9406
-
SHA512
56a5d0e48c49918130b173291d75f41c73f85e63615d11ad64bf25ee5fcb97404e8521253a097f7cffa8432693abb8b1394c04d1601f6e69066985cdb7709a77
-
SSDEEP
3072:nv4tCk6tj9tnCRLMGbwQG52xKUgfyFRsxxulukd0pF:vMAtCRYGbG52gUHRU
Static task
static1
Behavioral task
behavioral1
Sample
ffc961c73149fae4c1abc94f066190b77f8c20f5c5c21bbcc0ae0da0d11c9406.dll
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
ffc961c73149fae4c1abc94f066190b77f8c20f5c5c21bbcc0ae0da0d11c9406
-
Size
163KB
-
MD5
2ad25d81e8d455471a4f9f803acd02ce
-
SHA1
0580f084f662cf2b79896eceec2cc57e44e95507
-
SHA256
ffc961c73149fae4c1abc94f066190b77f8c20f5c5c21bbcc0ae0da0d11c9406
-
SHA512
56a5d0e48c49918130b173291d75f41c73f85e63615d11ad64bf25ee5fcb97404e8521253a097f7cffa8432693abb8b1394c04d1601f6e69066985cdb7709a77
-
SSDEEP
3072:nv4tCk6tj9tnCRLMGbwQG52xKUgfyFRsxxulukd0pF:vMAtCRYGbG52gUHRU
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-