General
- Target: 250684f6de27ae57738e361aa0b3cc967f27e8d017817dcef0199f5cbd0e7743
- Size: 1009KB
- Sample: 221128-e3cckaaf7s
- MD5: 63280dedabfe7caec283920f1b5ee3dd
- SHA1: 5efc119e54f35770a9dae6997b550982c82cc86b
- SHA256: 250684f6de27ae57738e361aa0b3cc967f27e8d017817dcef0199f5cbd0e7743
- SHA512: 45e0108743f5922352980565df9f24ac1bddf8b15aca4e00a58affd8bc9136eee5144fa53fa91c2a76cd0bdbbc366b41f9b9d978da88328ef7c91ff55c6a9983
- SSDEEP: 12288:RKfc7b5LkodZkB0YH6lmtSOE2UfQS/x1W5bUPodfCEVYHBF60GRGq4B:RKE7ttoBEmN3a/x1wBYh0I
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 250684f6de27ae57738e361aa0b3cc967f27e8d017817dcef0199f5cbd0e7743.exe
  - Resource: win7-20220901-en

Behavioral task
- behavioral2
  - Sample: 250684f6de27ae57738e361aa0b3cc967f27e8d017817dcef0199f5cbd0e7743.exe
  - Resource: win10v2004-20221111-en
Malware Config
Extracted from: C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\Decrypt All Files yqyhzxi.txt
- http://65y3g34c4zk3xkh2.onion.cab
- http://65y3g34c4zk3xkh2.tor2web.org
- http://65y3g34c4zk3xkh2.onion/

Extracted from: C:\ProgramData\zlwdkgg.html
- http-equiv='Content-Type (HTML attribute fragment captured by the extractor, not a URL)

Extracted from: C:\ProgramData\zlwdkgg.html
- http://65y3g34c4zk3xkh2.onion.cab
- http://65y3g34c4zk3xkh2.tor2web.org
- http://65y3g34c4zk3xkh2.onion
Targets
- Target: 250684f6de27ae57738e361aa0b3cc967f27e8d017817dcef0199f5cbd0e7743
- Size: 1009KB
- MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
- Score: 10/10

Behavioral indicators
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext