General
- Target: 6723d807f4b496d9f2a85054adfb6242a15d76f9d775918497c38df52ba9af9d
- Size: 855KB
- Sample: 221123-xqhmxsaf8w
- MD5: 44096bae1ae755f2165f19b3dbf20870
- SHA1: c8ab70294abdc918d69ad049db03d1ca1be7b14c
- SHA256: 6723d807f4b496d9f2a85054adfb6242a15d76f9d775918497c38df52ba9af9d
- SHA512: 3fb769387fc3419593cc8496830523af701703cc824563a2084b5f36901a4a1b717bc00e6e5f317abc39dcb7d927381108bbf41ca27fcd9b7361cf38f62d26dc
- SSDEEP: 1536:ehqF+u1LAn+5eHByhdNMcmTcHEnStBFwYAuPzJU3LZlYbr5A/zdHnAkUEocqgvJM:xvm4VMcmYAYjPzcfYf5Ard2EorYDk+W
Behavioral task
- behavioral1
  - Sample: 6723d807f4b496d9f2a85054adfb6242a15d76f9d775918497c38df52ba9af9d.exe
  - Resource: win7-20221111-en
Malware Config
Targets
- Target: 6723d807f4b496d9f2a85054adfb6242a15d76f9d775918497c38df52ba9af9d
- Modifies firewall policy service
- Modifies security service
- Modifies visibility of file extensions in Explorer
- Modifies visibility of hidden/system files in Explorer
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Disables taskbar notifications via registry modification
- Drops file in Drivers directory
- Executes dropped EXE
- Sets file execution options in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext