General
Target: 7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0
Size: 600KB
Sample: 221129-yaz3pscg7y
MD5: d59d4957cbed239f9f454a958532f0fb
SHA1: 20a4c13477daf6d8338b2dd6cd3f15258029974b
SHA256: 0141ea4548c515c69c3d61c1463235730c18543654c568512dcedd81d26eeac8
SHA512: 4c3da44793007b0683fbf7cd683c4142e40c9c6a8c9de8868197e89cf3dd69129d47fd3368c809024348e5e321bbe0242a7155e6bd2d58deeb79fdbd38ba8152
SSDEEP: 12288:mCntmdCr4tMhP5aYJKHVncNbCQB6X/+hiYDq6w:Dt90tMhFJKNUE+E7
Static task: static1
Behavioral task: behavioral1
Sample: 7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0.exe
Resource: win7-20221111-en
Malware Config
Targets
Target: 7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0
Size: 648KB
MD5: 4f17d8dcc61d0dea7dd6c4cd0162b246
SHA1: d3a2505f416a32ed98e71117db7188cf1a464c5d
SHA256: 7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0
SHA512: c4364d742f83dde0aec4a6120f5521bfff3df7e522eb43a3c9bcca6f3fbf3fdd000edb6aeceb2e4c84bebea46a6a3b110f538a982ce41919fb9f8da88ece98b2
SSDEEP: 12288:cm+6CtnUrur4tohP1aYZKHbncTnCQB6X/MJiY:x+rpX0tohhZKb+YM
XMRig Miner payload
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext