General
-
Target
58084e8f26d34d6773e5a1a30f4f713ec160944df86996fde281972ff7afc82d
-
Size
2.0MB
-
Sample
221125-jqez5sca83
-
MD5
83933516d5bec305eca233671d58d70e
-
SHA1
cd2861e8ac5004907f0d1e2b54ab43078fe315fb
-
SHA256
58084e8f26d34d6773e5a1a30f4f713ec160944df86996fde281972ff7afc82d
-
SHA512
339c909d8198f998c4672aa5a81c2d5b2d6c910e5af5ff6660ac8c101d83df5d9836dd80a3b027ce0a7ccb0d7ab375bb11644847835f167939763390686f94d8
-
SSDEEP
49152:LAHmZWttPz/DFeBgmk2fMagFW06rwa9LvQZy9LvQZgipCDh0:a+eX+gDDMHwa9bQZy9bQZgipEh0
Static task
static1
Behavioral task
behavioral1
Sample
58084e8f26d34d6773e5a1a30f4f713ec160944df86996fde281972ff7afc82d.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
58084e8f26d34d6773e5a1a30f4f713ec160944df86996fde281972ff7afc82d.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
http://galaint.statson-linesec.info/?0=118&1=2&2=1&3=79&4=i&5=7601&6=6&7=1&8=99600&9=1033&10=0&11=1111&12=ctkpbjxohg&14=1
Targets
Target
58084e8f26d34d6773e5a1a30f4f713ec160944df86996fde281972ff7afc82d
Score
10/10
-
Disables taskbar notifications via registry modification
-
Executes dropped EXE
-
Sets file execution options in registry
-
Stops running service(s)
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-