General
-
Target
f8a9f83713405e179d30d6b04133e225741c85381151b9c2455e24d19beb749f
-
Size
566KB
-
Sample
221130-rq482abg41
-
MD5
519326c59b148171f46535c4dc22dc76
-
SHA1
6faec1ae10c597455ff6768425c3c57aa31fd855
-
SHA256
f8a9f83713405e179d30d6b04133e225741c85381151b9c2455e24d19beb749f
-
SHA512
6ba4e65739617f2d174bb3bd840ca8d81e1d5cfc4e6849d876a281f01c78ac5a20e22132542f1c0b7dc20e6be24495cdca623121a4a2c410be9f48fefdade903
-
SSDEEP
12288:e0nyfXuIBDtfuRhKzh5jOZ03O21JDM7eAc/cIkj1LJ+Ul5yxWA9:rny/f9uRhKzT53Bhhkj1LyD
Malware Config
Targets
-
-
Target
f8a9f83713405e179d30d6b04133e225741c85381151b9c2455e24d19beb749f
-
Size
566KB
-
MD5
519326c59b148171f46535c4dc22dc76
-
SHA1
6faec1ae10c597455ff6768425c3c57aa31fd855
-
SHA256
f8a9f83713405e179d30d6b04133e225741c85381151b9c2455e24d19beb749f
-
SHA512
6ba4e65739617f2d174bb3bd840ca8d81e1d5cfc4e6849d876a281f01c78ac5a20e22132542f1c0b7dc20e6be24495cdca623121a4a2c410be9f48fefdade903
-
SSDEEP
12288:e0nyfXuIBDtfuRhKzh5jOZ03O21JDM7eAc/cIkj1LJ+Ul5yxWA9:rny/f9uRhKzT53Bhhkj1LyD
Score8/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of SetThreadContext
-