General
-
Target
3f3307a94076116299711a4913ac8a1309fac6b4254832f367258e283cfd260b
-
Size
730KB
-
Sample
221125-jwjwaaga51
-
MD5
b849888deba833c47e824cd25adb39d6
-
SHA1
be8c12fb9a3fc59bb98113d5e1491c449a702a3a
-
SHA256
3f3307a94076116299711a4913ac8a1309fac6b4254832f367258e283cfd260b
-
SHA512
f9d33e634fe89b286aaeefc3d424ebbcea74e74d328afca9dc99a7eb0f88880c4802eb66fe76e6c9d88db26b79390bfab35ef5d4d903112206a46bb861bfa75c
-
SSDEEP
12288:fH16hjKvCGe81mt5zgKGORvpeTMrq1b0hcZza+bx3yrqupt5Ye4i:/16QvC/tyiRv3Wu0x3y+atWe4i
Static task
static1
Behavioral task
behavioral1
Sample
3f3307a94076116299711a4913ac8a1309fac6b4254832f367258e283cfd260b.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
3f3307a94076116299711a4913ac8a1309fac6b4254832f367258e283cfd260b.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
3f3307a94076116299711a4913ac8a1309fac6b4254832f367258e283cfd260b
-
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks for any installed AV software in registry
-
Drops desktop.ini file(s)
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-