General
-
Target
dddc03048feb18016f0c6a34795c3b1bfb9a016fa4301f8efa4b4ae0685f52e4
-
Size
257KB
-
Sample
221202-136gashg27
-
MD5
a911bfbc1a3e58c90af3068277d897bd
-
SHA1
230a72563a253e262a64d7bbc2ef9f64c317f35b
-
SHA256
dddc03048feb18016f0c6a34795c3b1bfb9a016fa4301f8efa4b4ae0685f52e4
-
SHA512
0783d092917a81eb31cff7438b358d1bb066d68e0247c0c2f828e14e1cdedf199f8500da01d36b29a9e00a3dd7fb5680d7728d0766a0a7ba72c7880845a35049
-
SSDEEP
6144:qha6zCh4avYHQA2R2rdhifyMSGL0Cv9CV+b3rT:qMhHmQAKMi0Y0CVm+bbT
Static task
static1
Behavioral task
behavioral1
Sample
dddc03048feb18016f0c6a34795c3b1bfb9a016fa4301f8efa4b4ae0685f52e4.exe
Resource
win7-20220812-en
Malware Config
Targets
-
Target
dddc03048feb18016f0c6a34795c3b1bfb9a016fa4301f8efa4b4ae0685f52e4
-
Modifies firewall policy service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-