General
-
Target
79806b97ee86f26bbfc7b37ac2abc2eb2129f50abb45308e4f632fb7a5ba13ba
-
Size
1.8MB
-
Sample
221124-3gfd4aaf8x
-
MD5
8b65a55c3a468228272d004903b40546
-
SHA1
5f8f2b352c756b9818b887f46619c9d62f8861a9
-
SHA256
79806b97ee86f26bbfc7b37ac2abc2eb2129f50abb45308e4f632fb7a5ba13ba
-
SHA512
75a1824b1a53c7a16ebe5bd44cf0351b2737b5f6e5c5e38feb8047a251d6aa34a7f15a4f072c16db77a6c6983ede4214dd985a7a04e1f48c219c341df486b120
-
SSDEEP
49152:on+Wqv6iVLxcGGvWma8Tjc04axAwCQW6pN0IHL:omCVTN3tfW6pNHL
Static task
static1
Behavioral task
behavioral1
Sample
79806b97ee86f26bbfc7b37ac2abc2eb2129f50abb45308e4f632fb7a5ba13ba.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
79806b97ee86f26bbfc7b37ac2abc2eb2129f50abb45308e4f632fb7a5ba13ba.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
http://galaint.onlinesecstats.info/?0=136&1=1&2=1&3=70&4=i&5=7601&6=6&7=1&8=99600&9=1033&10=0&11=1111&12=iqqiqunpck&14=1
Targets
Target
79806b97ee86f26bbfc7b37ac2abc2eb2129f50abb45308e4f632fb7a5ba13ba
-
Score
10/10
-
Disables taskbar notifications via registry modification
-
Executes dropped EXE
-
Sets file execution options in registry
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-