General
-
Target
068a77415bcdb732b1b5f9578c35a9363c3d58c336710a14d048961929fbc19b
-
Size
152KB
-
Sample
221128-yls4jace27
-
MD5
aeee83311a512ec9cf9b75f275393f71
-
SHA1
f352dc141d7fa94f03dc2e91e61e7b504e48d7a6
-
SHA256
068a77415bcdb732b1b5f9578c35a9363c3d58c336710a14d048961929fbc19b
-
SHA512
d20a925c7ab62758ea3f33ee5f470fbccd055cf076f1b38ea6716ebbe26192ff14155fa9b783eb4de5e6829d67215e6c460b88b8df096eca2ba874530f376e27
-
SSDEEP
3072:a4GYFgcGF5CAZjl/KRdG0hqwLx/igQXEkG+jHpP46LyvjpLi:ahYmCAZxKRdGk/AEkG2N3Y9Li
Static task
static1
Behavioral task
behavioral1
Sample
068a77415bcdb732b1b5f9578c35a9363c3d58c336710a14d048961929fbc19b.dll
Resource
win7-20221111-en
Malware Config
Targets
-
-
Target
068a77415bcdb732b1b5f9578c35a9363c3d58c336710a14d048961929fbc19b
-
Size
152KB
-
MD5
aeee83311a512ec9cf9b75f275393f71
-
SHA1
f352dc141d7fa94f03dc2e91e61e7b504e48d7a6
-
SHA256
068a77415bcdb732b1b5f9578c35a9363c3d58c336710a14d048961929fbc19b
-
SHA512
d20a925c7ab62758ea3f33ee5f470fbccd055cf076f1b38ea6716ebbe26192ff14155fa9b783eb4de5e6829d67215e6c460b88b8df096eca2ba874530f376e27
-
SSDEEP
3072:a4GYFgcGF5CAZjl/KRdG0hqwLx/igQXEkG+jHpP46LyvjpLi:ahYmCAZxKRdGk/AEkG2N3Y9Li
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-