General
-
Target
957da2adfac3c95032ae0b8bbba7beb7288ae7a801e5370fe816dd62b3534960
-
Size
1.9MB
-
Sample
221128-wwyewsah7x
-
MD5
ec6e22899512d507a32cadda8e8af406
-
SHA1
2957180a107a7ab59491bad0d840cfc9ba9d7aaf
-
SHA256
957da2adfac3c95032ae0b8bbba7beb7288ae7a801e5370fe816dd62b3534960
-
SHA512
a398bdad1a4a4d0b46d62b34d24a78f6520a5967b9d3f8324b1c2329d234e9ad383f402051e42e813247e4ea7bdc3477dfb49c09c491448a280cc88877878c9a
-
SSDEEP
49152:AkSXhixEgCOWoNGglFS5h2HKFoqv9kq23p+zY15kFm53Sy9:vSRii5HoGSSaHMoOY15kFm5Z
Static task
static1
Behavioral task
behavioral1
Sample
957da2adfac3c95032ae0b8bbba7beb7288ae7a801e5370fe816dd62b3534960.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
957da2adfac3c95032ae0b8bbba7beb7288ae7a801e5370fe816dd62b3534960
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-