General
Target: ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8
Size: 372KB
Sample: 221128-e3qvysaf81
MD5: 7de1750d1c18abc7625d3aa4c0647d96
SHA1: 474e30032017bd76d9c44df06b3f779f404d7823
SHA256: ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8
SHA512: f7344382d112dcf8cfef8a390dbf313618880fa4017a31e63f72c4e11d647451333731433eb4f08cedcd371bae3d5f327f0b2c19bb64026edbff092adfd57746
SSDEEP: 6144:90tCnRyUFrHko+wU21RTJInao0scy+cAZOe/6VL11meQfah3WGhzfNHjrvq3KWSu:7RzeoswR9JoxiL/UmeQfah3WYxVhbLc
Static task: static1
Behavioral task: behavioral1
  Sample: ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted
C:\$Recycle.Bin\S-1-5-21-2386679933-1492765628-3466841596-1000\Recovery+gshdd.txt
http://ytrest84y5i456hghadefdsd.pontogrot.com/35DBEF295EC2D457
http://prest54538hnksjn4kjfwdbhwere.hotchunman.com/35DBEF295EC2D457
http://5rport45vcdef345adfkksawe.bematvocal.at/35DBEF295EC2D457
http://xlowfznrg4wf7dli.onion/35DBEF295EC2D457
http://xlowfznrg4wf7dli.ONION/35DBEF295EC2D457
Targets
Target: ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8
Size: 372KB
MD5: 7de1750d1c18abc7625d3aa4c0647d96
SHA1: 474e30032017bd76d9c44df06b3f779f404d7823
SHA256: ad3a9d7402d494048c934b5af612bdf8da822fa7b22e57b8fe48e98a92f772b8
SHA512: f7344382d112dcf8cfef8a390dbf313618880fa4017a31e63f72c4e11d647451333731433eb4f08cedcd371bae3d5f327f0b2c19bb64026edbff092adfd57746
SSDEEP: 6144:90tCnRyUFrHko+wU21RTJInao0scy+cAZOe/6VL11meQfah3WGhzfNHjrvq3KWSu:7RzeoswR9JoxiL/UmeQfah3WYxVhbLc
Score: 10/10
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext