General
-
Target
078bf6fad81012be297caf2e1dc968b46013d59a530e02d4f1045b40f6a5d8de
-
Size
703KB
-
Sample
221124-astfwaad81
-
MD5
cac2bd81251cee7a5e5d5e06210bc9ec
-
SHA1
7ce442841a27ae9f3500909bbea70895bd3d456b
-
SHA256
078bf6fad81012be297caf2e1dc968b46013d59a530e02d4f1045b40f6a5d8de
-
SHA512
465c29ddafa10c7a86d615ec8130a50d0e39ea41721e5bfee49d4674c931659520622c21613d6680932276314ac50c676fcd5d28905388cd48a90f6a6aeb811a
-
SSDEEP
1536:cd04boUzdIBsZUpUQSe1sjL/91IqmM4nouy8:cdJboUpEsueFssP11I5Mwout
Behavioral task
behavioral1
Sample
078bf6fad81012be297caf2e1dc968b46013d59a530e02d4f1045b40f6a5d8de.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
078bf6fad81012be297caf2e1dc968b46013d59a530e02d4f1045b40f6a5d8de.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
078bf6fad81012be297caf2e1dc968b46013d59a530e02d4f1045b40f6a5d8de
-
Modifies firewall policy service
-
Modifies security service
-
Modifies visibility of file extensions in Explorer
-
Modifies visibility of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Sets file execution options in registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-