General
Target: 6411d6c24280f07a64248e1442cad9138df636556f6c388c31e9df3907bb4d36
Size: 1.3MB
Sample: 221128-wde6lahc8s
MD5: 410612cb41fe82d39059b48a43f02136
SHA1: 67f7fd1fa044aaaa96e3eae0e721c7d470fa6703
SHA256: 6411d6c24280f07a64248e1442cad9138df636556f6c388c31e9df3907bb4d36
SHA512: 41440fba7d996907b23078813a0a1f980c3b6a7fe0379a818f9168ede2ded240346059087be9f816d7e87ca100fd50781e9743f955948a8abf35b83ea40a8b9e
SSDEEP: 12288:yZM3GMiUdXrc0y+QjmcgrAtUwo4rwjVjRCTnZ2V/O:y9qwodjVjMTn4G
Static task: static1
Behavioral task: behavioral1
Sample: 6411d6c24280f07a64248e1442cad9138df636556f6c388c31e9df3907bb4d36.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 6411d6c24280f07a64248e1442cad9138df636556f6c388c31e9df3907bb4d36.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 6411d6c24280f07a64248e1442cad9138df636556f6c388c31e9df3907bb4d36
Score: 10/10
Modifies WinLogon for persistence
Executes dropped EXE
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext