General
-
Target
3f254afebac05901cbf13abf469b87a7dad28873c7f4ed65921d153fade92892
-
Size
597KB
-
Sample
221126-xvdvjage38
-
MD5
b7cd1c29f4a7f8bbc1b146fee208219f
-
SHA1
4416ab99b383fbf28516c0476285391f033c305b
-
SHA256
3f254afebac05901cbf13abf469b87a7dad28873c7f4ed65921d153fade92892
-
SHA512
02800f466f4a4baaecbac85a7e3a154cd102ee3b872b3f511a703a9c41f83cc1ddac90764a15053e90c29c25663758158fd64cebe9e8c1bb462331f041a65014
-
SSDEEP
12288:Jat0EAH49n8Bu0s4q8xGc55FnU1zRu14+2J1WJeJ+zHn1cS5eS7lU2HzFqz7UEh:4t24r4qU5M1zx/WJSOn1c3OXzFqkEh
Malware Config
Targets
-
-
Target
3f254afebac05901cbf13abf469b87a7dad28873c7f4ed65921d153fade92892
-
Size
597KB
-
MD5
b7cd1c29f4a7f8bbc1b146fee208219f
-
SHA1
4416ab99b383fbf28516c0476285391f033c305b
-
SHA256
3f254afebac05901cbf13abf469b87a7dad28873c7f4ed65921d153fade92892
-
SHA512
02800f466f4a4baaecbac85a7e3a154cd102ee3b872b3f511a703a9c41f83cc1ddac90764a15053e90c29c25663758158fd64cebe9e8c1bb462331f041a65014
-
SSDEEP
12288:Jat0EAH49n8Bu0s4q8xGc55FnU1zRu14+2J1WJeJ+zHn1cS5eS7lU2HzFqz7UEh:4t24r4qU5M1zx/WJSOn1c3OXzFqkEh
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of SetThreadContext
-