General
-
Target
a71b9f7bd9556e9439e5c14ec3b9bf3bfb4f6c8681054fd969d708035b358312
-
Size
1.1MB
-
Sample
221126-jkrrracg76
-
MD5
446e5936689f894c8959b0707876ae12
-
SHA1
bc654444bd03fb171f20a6f87bc9d405d485828d
-
SHA256
a71b9f7bd9556e9439e5c14ec3b9bf3bfb4f6c8681054fd969d708035b358312
-
SHA512
a520541b55f5c78c8db7588ee4535a255f06b9625aa40638ab7b402c37d32a7137132c29c0141a23e9ddf7a2de6487e07199fd093d4151c9ce193eb8d040f81e
-
SSDEEP
24576:7tb20pkaCqT5TBWgNQ7a787DmJpucN3JjC6A:4Vg5tQ7a787Ir3JO5
Malware Config
Targets
-
-
Target
a71b9f7bd9556e9439e5c14ec3b9bf3bfb4f6c8681054fd969d708035b358312
-
Size
1.1MB
-
MD5
446e5936689f894c8959b0707876ae12
-
SHA1
bc654444bd03fb171f20a6f87bc9d405d485828d
-
SHA256
a71b9f7bd9556e9439e5c14ec3b9bf3bfb4f6c8681054fd969d708035b358312
-
SHA512
a520541b55f5c78c8db7588ee4535a255f06b9625aa40638ab7b402c37d32a7137132c29c0141a23e9ddf7a2de6487e07199fd093d4151c9ce193eb8d040f81e
-
SSDEEP
24576:7tb20pkaCqT5TBWgNQ7a787DmJpucN3JjC6A:4Vg5tQ7a787Ir3JO5
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of SetThreadContext
-