General
-
Target
e26ca8248c612dd9d046a4e0c32d195a701c9fbcac0dd3638537165a7d3fdb9c
-
Size
796KB
-
Sample
221124-e2xbcacc4t
-
MD5
09f787f7bfa486df17725c9c4eb251ce
-
SHA1
b1b5778c732f8d319f2096abeba7175020ad9123
-
SHA256
e26ca8248c612dd9d046a4e0c32d195a701c9fbcac0dd3638537165a7d3fdb9c
-
SHA512
1f9d432e0dcf8f02b15909ce5fc9197647e5abcf2537680e3d5794d740b98c8793aa386c5e305e11b2e550a69158a1ece312fd178d72eec766c1df56b4cd383c
-
SSDEEP
6144:9eb/LfqouTcCFLgAg3PxNKXYgBdnaNT2b3cpMN/XFjAn5N0GdJbU54ql0q/37//3:MAcCaZL0YCgsyMN/XFEnzZU4q0c3
Static task
static1
Behavioral task
behavioral1
Sample
e26ca8248c612dd9d046a4e0c32d195a701c9fbcac0dd3638537165a7d3fdb9c.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
e26ca8248c612dd9d046a4e0c32d195a701c9fbcac0dd3638537165a7d3fdb9c.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-