General
-
Target
ef16822c9ebac8a3de4d4e60975818eb4db652fe1a18d8eb559c0ffefe9085fc
-
Size
240KB
-
Sample
221126-kf3twshh4z
-
MD5
c9b018f378e1cd10e9720938a60ed343
-
SHA1
0154f0bdbc3b7413aab4f98ec4602eaab2cfbf0e
-
SHA256
ef16822c9ebac8a3de4d4e60975818eb4db652fe1a18d8eb559c0ffefe9085fc
-
SHA512
8fb5747e608f19cc0ffdefbfe38517897beb72feec0da39e4195944c949766234b62c1cabb6f63e30bfcba7320d50601bca19dcfbc84df342e8854333262ab0d
-
SSDEEP
6144:c4jg+pHn4noZ7FSQSCyd0oG8UdFPO4l5X4hSJM:cH+YnoZgwyd04UrNHGSW
Malware Config
Targets
-
-
Target
.exe
-
Size
325KB
-
MD5
632815f4f93a1e88dd062c0a75b2ebda
-
SHA1
1aae28c24d933827985786bb79074a673eb77546
-
SHA256
002afb2d4477706349ddac2f2f75437d83ab530fff16502482b20cf70ab5fc01
-
SHA512
a6bb05a6f1284a05fdad1437656aeadafadc2c0cd30ccdb5eff88f133542eb129234f88d40cf476c6fe040868c4e32db217980d36329d0c4b1e4a8b5fdd9674e
-
SSDEEP
6144:yZXBsWqsE/Ao+mv8Qv0LVmwq4FU0nN876safCSQSCyd0oGOUdFPI4l5XdhSJ0:0XmwRo+mv8QD4+0N46lf1wyd0SUrvHzL
Score8/10-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-