General
-
Target
63c9d0f6a29b0f219f00a850c41144c5041fc1b33bd905b5cd4239e5a2ab06e2
-
Size
965KB
-
Sample
221126-s4qhgahd6x
-
MD5
925c5799af9bad558c7b67e3eae9c7b9
-
SHA1
27c39a087d526d859b71035399a69ad31f2098a6
-
SHA256
63c9d0f6a29b0f219f00a850c41144c5041fc1b33bd905b5cd4239e5a2ab06e2
-
SHA512
6dca8dd42d137572bbc128cb86589d11e66de56a0c7ade648507d0a36e54095d3ad00f44c46926c7fa40453a0ecc5131f02887cb0e685c7cfd81865b3f4cb18c
-
SSDEEP
24576:htb20pkaCqT5TBWgNQ7awG92RH4uEFWY6A:yVg5tQ7awG92RY3F/5
Malware Config
Targets
-
-
Target
63c9d0f6a29b0f219f00a850c41144c5041fc1b33bd905b5cd4239e5a2ab06e2
-
Size
965KB
-
MD5
925c5799af9bad558c7b67e3eae9c7b9
-
SHA1
27c39a087d526d859b71035399a69ad31f2098a6
-
SHA256
63c9d0f6a29b0f219f00a850c41144c5041fc1b33bd905b5cd4239e5a2ab06e2
-
SHA512
6dca8dd42d137572bbc128cb86589d11e66de56a0c7ade648507d0a36e54095d3ad00f44c46926c7fa40453a0ecc5131f02887cb0e685c7cfd81865b3f4cb18c
-
SSDEEP
24576:htb20pkaCqT5TBWgNQ7awG92RH4uEFWY6A:yVg5tQ7awG92RY3F/5
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of SetThreadContext
-