General
-
Target
ba23ee98f2ebc5193b0c9852c45ddad7d7f402fd435d04b8fcd0c2e1ba078760
-
Size
1.4MB
-
Sample
221124-mazw6aba2v
-
MD5
324d55eb0d8f1d343331194cdd8bc390
-
SHA1
7d91c0d29cccb0703a653aea0440d29d7f2762ae
-
SHA256
ba23ee98f2ebc5193b0c9852c45ddad7d7f402fd435d04b8fcd0c2e1ba078760
-
SHA512
89533a6fbd4c48022f86fa3f2fc31163217f0cb6d0ee7d4ec06073c88dc2be2992333420aea8d5b8d326e6429855a0f229a740c17e2043a3e146fd96224070d0
-
SSDEEP
1536:9NhENNo2oa5pHwAVvu0IysOPv3YdI3EpCK+V5iR/yKoDn66XujshkGXE7rFKh:9gN5ogyJ0XgdsEIKlyKo26Jkj7rF
Static task
static1
Behavioral task
behavioral1
Sample
ba23ee98f2ebc5193b0c9852c45ddad7d7f402fd435d04b8fcd0c2e1ba078760.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
ba23ee98f2ebc5193b0c9852c45ddad7d7f402fd435d04b8fcd0c2e1ba078760
-
Modifies firewall policy service
-
Modifies security service
-
Modifies visibility of file extensions in Explorer
-
Modifies visibility of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Sets file execution options in registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-