General
-
Target
6fdf1fe343cf7d18b43ea736ce78f63283ff53913dfff32c07b6806c456fc456
-
Size
68KB
-
Sample
221123-xk8bdsfc78
-
MD5
1ddadc8836c58e6cf1e0520d01cae656
-
SHA1
b4a51e1f8dd03bf4309e6982de7bc2d3ac1a32c9
-
SHA256
6fdf1fe343cf7d18b43ea736ce78f63283ff53913dfff32c07b6806c456fc456
-
SHA512
656034a1280f3788a52ffd6bc7d110e7ad4241dcf18eaacdf50ff47e30cc0187a0c75741fdc5beef17b07a15cfb9ae7b1c4a64877521702ed0ea5bde35e1f6b4
-
SSDEEP
1536:OjcznvDjY/u7RLw5gbNsGKRlCY19TO21EUghNHzrztTZd4e:OjIvDjnxrno0Y1I21EUq/B1
Static task
static1
Behavioral task
behavioral1
Sample
6fdf1fe343cf7d18b43ea736ce78f63283ff53913dfff32c07b6806c456fc456.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
6fdf1fe343cf7d18b43ea736ce78f63283ff53913dfff32c07b6806c456fc456.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
Target
6fdf1fe343cf7d18b43ea736ce78f63283ff53913dfff32c07b6806c456fc456
-
Score
10/10
-
Modifies firewall policy service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-