General
Target: c953bbc718fb0d3bfea47305027c59cb821e6f8c80c30f8a8a9d466b6d96ba77
Size: 840KB
Sample: 221123-xgy9baaa21
MD5: 489e3dbf1fd20f27c6b2717b6b829623
SHA1: 15523053d4f93fc0f45da028a1090f77fd426b48
SHA256: c953bbc718fb0d3bfea47305027c59cb821e6f8c80c30f8a8a9d466b6d96ba77
SHA512: 2e776cb3e4d68cc52179e1d046c5333f0a4f582eebe8ad2f867317693892f1592d0ecdc92df2537746d513e1219a69713fc5c032a1e100704e507253ac0f468b
SSDEEP: 12288:kCpyvXFPTfnCvX66h/NYJ9nDW6FApNg3gZqdDUtOuBiMc/j6KRVrxn7Nl4+GtlrL:Zk9P7nCvX6MNYLIbgYJ3chra+GbrL
Static task: static1
Behavioral task: behavioral1
  Sample: c953bbc718fb0d3bfea47305027c59cb821e6f8c80c30f8a8a9d466b6d96ba77.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: c953bbc718fb0d3bfea47305027c59cb821e6f8c80c30f8a8a9d466b6d96ba77.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
Target: c953bbc718fb0d3bfea47305027c59cb821e6f8c80c30f8a8a9d466b6d96ba77
Size: 840KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
Score: 10/10
- Modifies visibility of hidden/system files in Explorer
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext