General
-
Target
6cea3b83c4ce364865d34eef1bbb4c08d42acfa94a871b25fb6f05685c741be7
-
Size
728KB
-
Sample
221201-d4c5taed9y
-
MD5
2799fa8954b1c828615767c47141d559
-
SHA1
12ea7159dbf19a50c4fbee71697d652a2fc618c9
-
SHA256
6cea3b83c4ce364865d34eef1bbb4c08d42acfa94a871b25fb6f05685c741be7
-
SHA512
b7a3b0092cbb9014ed7f8257f33eec61221dce660c34d3929e863dbed205ebfeb1276aa568aa7545e0c6e7e890a379c7ceaeed681e57869ee44e0793fb6d6b82
-
SSDEEP
12288:MaP0UExE1TZZwLFHWw/YAwg8Roam2W64m7ZRYq+TDbr8rtJ:MLUEiTbqFHypg1amR64rpnQrtJ
Static task
static1
Behavioral task
behavioral1
Sample
6cea3b83c4ce364865d34eef1bbb4c08d42acfa94a871b25fb6f05685c741be7.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
6cea3b83c4ce364865d34eef1bbb4c08d42acfa94a871b25fb6f05685c741be7.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
Target
6cea3b83c4ce364865d34eef1bbb4c08d42acfa94a871b25fb6f05685c741be7
-
Score
10/10
-
Modifies firewall policy service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-