General
-
Target
eed34df5ae4ba41952148c118e306bc522dd3248a8f288e7d0eacd32d61911b1
-
Size
1.3MB
-
Sample
221128-sqvj9sda97
-
MD5
e969721bbcbbaecaf72ab2bc214cb9c1
-
SHA1
50fb570b74d03bc5ac25c8b4972249360fac711a
-
SHA256
eed34df5ae4ba41952148c118e306bc522dd3248a8f288e7d0eacd32d61911b1
-
SHA512
64f06ffa75d3d908e15bca45b7cbb08f40e9172fb830119cc9686220a17c2b362189c96f1308f126799b0083ad9d39212da232169480c368d848913df3e7e9f7
-
SSDEEP
24576:3tb20pkaCqT5TBWgNQ7aKC0N39gKSKLb2sr5wUCsNOLJ6A:0Vg5tQ7aKdN3KKS2b2sr5b5O5
Malware Config
Targets
-
-
Target
eed34df5ae4ba41952148c118e306bc522dd3248a8f288e7d0eacd32d61911b1
-
Size
1.3MB
-
MD5
e969721bbcbbaecaf72ab2bc214cb9c1
-
SHA1
50fb570b74d03bc5ac25c8b4972249360fac711a
-
SHA256
eed34df5ae4ba41952148c118e306bc522dd3248a8f288e7d0eacd32d61911b1
-
SHA512
64f06ffa75d3d908e15bca45b7cbb08f40e9172fb830119cc9686220a17c2b362189c96f1308f126799b0083ad9d39212da232169480c368d848913df3e7e9f7
-
SSDEEP
24576:3tb20pkaCqT5TBWgNQ7aKC0N39gKSKLb2sr5wUCsNOLJ6A:0Vg5tQ7aKdN3KKS2b2sr5b5O5
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of SetThreadContext
-