General
-
Target
9aab6acf786572e3013cee6ae05915bdf2a4e86da166897ddd030042c233593e
-
Size
4.0MB
-
Sample
221127-17c1jsge5s
-
MD5
c613714d39e2b2bcb8c5d7a6036145ef
-
SHA1
3eef6909f3f8367cc8336f7af00704cf662d6546
-
SHA256
9aab6acf786572e3013cee6ae05915bdf2a4e86da166897ddd030042c233593e
-
SHA512
af61bf7d26f2ed448042f56ce9d597e1289a535c4266ef713b0bc348467a602ec06dbc25b494dd056eacee22567687fce1417d1dc22ec27ada46009f818569cf
-
SSDEEP
98304:MeRrH4bOQgJ0PT+kab/bjoecLdvetq0WoNVs/7eiKo8:MeRrHLxJiT+kaLZostq0WoNweiKo8
Behavioral task
behavioral1
Sample
9aab6acf786572e3013cee6ae05915bdf2a4e86da166897ddd030042c233593e.exe
Resource
win7-20221111-en
Malware Config
Targets
-
-
Target
9aab6acf786572e3013cee6ae05915bdf2a4e86da166897ddd030042c233593e
-
Size
4.0MB
-
MD5
c613714d39e2b2bcb8c5d7a6036145ef
-
SHA1
3eef6909f3f8367cc8336f7af00704cf662d6546
-
SHA256
9aab6acf786572e3013cee6ae05915bdf2a4e86da166897ddd030042c233593e
-
SHA512
af61bf7d26f2ed448042f56ce9d597e1289a535c4266ef713b0bc348467a602ec06dbc25b494dd056eacee22567687fce1417d1dc22ec27ada46009f818569cf
-
SSDEEP
98304:MeRrH4bOQgJ0PT+kab/bjoecLdvetq0WoNVs/7eiKo8:MeRrHLxJiT+kaLZostq0WoNweiKo8
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-