General
Target: 00afc0c8f639a7135043e56fde00baedfb32119a9a267a0c44e05147b1816578
Size: 423KB
Sample: 221128-sfyh6scc23
MD5: 30fef7a6b68924f24eb2b72ab6c56961
SHA1: 5f3416614de227c350c5205f1fd6438b4a1b5dd0
SHA256: 00afc0c8f639a7135043e56fde00baedfb32119a9a267a0c44e05147b1816578
SHA512: f48dfadafd8ed66d0eeaa2b739793c20d41001a8130a790826767a1c11166a558ba7032048a343f304eebb51c84a508cca40059eb629dda65c6ce5b6fa8fa5ac
SSDEEP: 12288:w6Wq4aaE6KwyF5L0Y2D1PqLnRI/BcLAiMJCD:GthEVaPqLnOBvigCD
Behavioral task: behavioral1
Sample: 00afc0c8f639a7135043e56fde00baedfb32119a9a267a0c44e05147b1816578.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 00afc0c8f639a7135043e56fde00baedfb32119a9a267a0c44e05147b1816578.exe
Resource: win10v2004-20220812-en
Malware Config

Targets
Target: 00afc0c8f639a7135043e56fde00baedfb32119a9a267a0c44e05147b1816578
Size: 423KB
MD5: 30fef7a6b68924f24eb2b72ab6c56961
SHA1: 5f3416614de227c350c5205f1fd6438b4a1b5dd0
SHA256: 00afc0c8f639a7135043e56fde00baedfb32119a9a267a0c44e05147b1816578
SHA512: f48dfadafd8ed66d0eeaa2b739793c20d41001a8130a790826767a1c11166a558ba7032048a343f304eebb51c84a508cca40059eb629dda65c6ce5b6fa8fa5ac
SSDEEP: 12288:w6Wq4aaE6KwyF5L0Y2D1PqLnRI/BcLAiMJCD:GthEVaPqLnOBvigCD
Score: 8/10

- Executes dropped EXE
- Sets file execution options in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Drops desktop.ini file(s)
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext