General
-
Target
e732400bb2faeda3a30c82f825003f4b12a5b1e53f1b7f508e1e7f14130a1487
-
Size
315KB
-
Sample
221126-ky692aff56
-
MD5
3fcfd5c852a561e4cd8c7d8017ffdb6e
-
SHA1
0f2a20dedede3b6469ef69f0460a56212bb07195
-
SHA256
e732400bb2faeda3a30c82f825003f4b12a5b1e53f1b7f508e1e7f14130a1487
-
SHA512
52946b7f520c34f098229b4830417510d17fe04ce056e4a90ddf37251c005323c331e29a37cd2d755d6a22160dc04de9320c72d32a79a37775033f380e356980
-
SSDEEP
1536:+EfFNvtgmAl7z5dKY6yuJPW8K43w9NXOM1aRl/i6JWT0S9yXnBibnouy8gHn2JX:+YLmGO4W849NXO9RlK6gOxiDouto2N
Behavioral task
behavioral1
Sample
e732400bb2faeda3a30c82f825003f4b12a5b1e53f1b7f508e1e7f14130a1487.exe
Resource
win7-20221111-en
Malware Config
Targets
-
-
Target
e732400bb2faeda3a30c82f825003f4b12a5b1e53f1b7f508e1e7f14130a1487
-
Size
315KB
-
MD5
3fcfd5c852a561e4cd8c7d8017ffdb6e
-
SHA1
0f2a20dedede3b6469ef69f0460a56212bb07195
-
SHA256
e732400bb2faeda3a30c82f825003f4b12a5b1e53f1b7f508e1e7f14130a1487
-
SHA512
52946b7f520c34f098229b4830417510d17fe04ce056e4a90ddf37251c005323c331e29a37cd2d755d6a22160dc04de9320c72d32a79a37775033f380e356980
-
SSDEEP
1536:+EfFNvtgmAl7z5dKY6yuJPW8K43w9NXOM1aRl/i6JWT0S9yXnBibnouy8gHn2JX:+YLmGO4W849NXO9RlK6gOxiDouto2N
-
Modifies firewall policy service
-
Modifies security service
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-