General
-
Target
144fed083fecd1a36b5892ac3ccae575f4895a886b12cfa4395600e71149247c
-
Size
1.2MB
-
Sample
221128-ts5cxscb7t
-
MD5
5fcab883f8312424523dc63fb0e3154c
-
SHA1
bfbed5a8b496b44eae2045234fa39c2b21458618
-
SHA256
144fed083fecd1a36b5892ac3ccae575f4895a886b12cfa4395600e71149247c
-
SHA512
0c5764a4b9841bdca6d9c85706612bc9cf0c935de7499c33b570f4613d53ea09d0d2dbe19cf17f1828b6602b130985265658c9a32d3054e89d4a4bb0778816cc
-
SSDEEP
24576:g/jTZeL2E6S4mWMvW7d1385F0+nHG1gw3:UgL16hnyrHw
Malware Config
Targets
-
-
Target
144fed083fecd1a36b5892ac3ccae575f4895a886b12cfa4395600e71149247c
-
Size
1.2MB
-
MD5
5fcab883f8312424523dc63fb0e3154c
-
SHA1
bfbed5a8b496b44eae2045234fa39c2b21458618
-
SHA256
144fed083fecd1a36b5892ac3ccae575f4895a886b12cfa4395600e71149247c
-
SHA512
0c5764a4b9841bdca6d9c85706612bc9cf0c935de7499c33b570f4613d53ea09d0d2dbe19cf17f1828b6602b130985265658c9a32d3054e89d4a4bb0778816cc
-
SSDEEP
24576:g/jTZeL2E6S4mWMvW7d1385F0+nHG1gw3:UgL16hnyrHw
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of SetThreadContext
-