General
-
Target
e1d63956ed3d44aa0eb19c4964c1b84909fde1ab5e96d99812684ac9341f6100
-
Size
1.4MB
-
Sample
221124-wkd7waaf65
-
MD5
71cf9e17f89c88d5e287017149e04af8
-
SHA1
a822a06b3efaea3a17bfb8d17e549f8a904bba2a
-
SHA256
e1d63956ed3d44aa0eb19c4964c1b84909fde1ab5e96d99812684ac9341f6100
-
SHA512
74e7f8af01a77716a0a6625ede3b0d8cac50c1f93f27eb146248c4d32737268fb26f3d7da0db6f9b5b5d5189f63b2007d94f80d61fc92b9b70dfe406c0fc0437
-
SSDEEP
24576:YDOdboF3zDAL08WR42XibVaUXWskvhSrC6DDNbswu6aJ2k:Jg3wzAl6XxkpODNbRah
Malware Config
Targets
-
-
Target
e1d63956ed3d44aa0eb19c4964c1b84909fde1ab5e96d99812684ac9341f6100
-
Size
1.4MB
-
MD5
71cf9e17f89c88d5e287017149e04af8
-
SHA1
a822a06b3efaea3a17bfb8d17e549f8a904bba2a
-
SHA256
e1d63956ed3d44aa0eb19c4964c1b84909fde1ab5e96d99812684ac9341f6100
-
SHA512
74e7f8af01a77716a0a6625ede3b0d8cac50c1f93f27eb146248c4d32737268fb26f3d7da0db6f9b5b5d5189f63b2007d94f80d61fc92b9b70dfe406c0fc0437
-
SSDEEP
24576:YDOdboF3zDAL08WR42XibVaUXWskvhSrC6DDNbswu6aJ2k:Jg3wzAl6XxkpODNbRah
Score8/10-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-