General
-
Target
f1f2916afe345417d9f8db9e538d1bbecce8da798b9ed1359e096e63d58b0d3e
-
Size
4.9MB
-
Sample
221124-acxtcsea78
-
MD5
1c6bb4a6827c9882351c685370f0a563
-
SHA1
fb9599328006abe48263bba8473330b761e85034
-
SHA256
f1f2916afe345417d9f8db9e538d1bbecce8da798b9ed1359e096e63d58b0d3e
-
SHA512
9ee24be27786ac95a4c53186d701b21e6b27823ef170051122a3b8727c08e8a2fb5c4f3ea9a22cde7999e4822d836b01e7796b2f54a05307554e07416939ffb7
-
SSDEEP
98304:A/oV5y2jLIQ8/0R1rtOpNI1HOR0LXIhSeOau9LtyKXbkflWivV/:jDLEUTm8x0PXEFq9V/
Malware Config
Targets
-
-
Target
f1f2916afe345417d9f8db9e538d1bbecce8da798b9ed1359e096e63d58b0d3e
-
Size
4.9MB
-
MD5
1c6bb4a6827c9882351c685370f0a563
-
SHA1
fb9599328006abe48263bba8473330b761e85034
-
SHA256
f1f2916afe345417d9f8db9e538d1bbecce8da798b9ed1359e096e63d58b0d3e
-
SHA512
9ee24be27786ac95a4c53186d701b21e6b27823ef170051122a3b8727c08e8a2fb5c4f3ea9a22cde7999e4822d836b01e7796b2f54a05307554e07416939ffb7
-
SSDEEP
98304:A/oV5y2jLIQ8/0R1rtOpNI1HOR0LXIhSeOau9LtyKXbkflWivV/:jDLEUTm8x0PXEFq9V/
Score8/10-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-