General

Target: 8abea63ae718961fedbb03715ef8ae75a0692ce147d63022861b34f5a6b441ef
Size: 1.5 MB
Sample: 221202-1wyg4shb83
MD5: 5f5bb24ef830fbb5f551d5b38d60df97
SHA1: 20e9f9002e049cd73a628a1448a853cbb84f4514
SHA256: 8abea63ae718961fedbb03715ef8ae75a0692ce147d63022861b34f5a6b441ef
SHA512: d8f2b8ff8d053a3415706c280b6eca0ea4b5e258b17d62372521279e67d8a5a8ae85bfeaf59f69c8a983f4cf7a44018caa75eb832861da222794f6e288b72a18
SSDEEP: 24576:rg3YT2QMW8gwS+LgKrROcuZEROM/2K4AyVQx1i/I4ESJJKaPRR6nAETVgLk0gQv:rg3YTr7u1fELK4Cx1r2JJhj6ApLLgQ
Static task: static1
Behavioral task: behavioral1
Sample: 8abea63ae718961fedbb03715ef8ae75a0692ce147d63022861b34f5a6b441ef.exe
Resource: win7-20220901-en

Malware Config
Targets

Target: 8abea63ae718961fedbb03715ef8ae75a0692ce147d63022861b34f5a6b441ef
(Size, MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the General section above.)
Behavioral signatures:

- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read to detect sandbox environments.
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
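The signature names above are the kind of thing a detection engineer turns into rules over an API trace. The following is an added example, not code from this report or from the sandbox that produced it. It models a sandbox API monitor as a flat list of ApiCall records; the record shape, the API names and the argument keys are this example's own assumptions. The registry paths are the standard Windows locations that each signature name refers to (the Winlogon key, the Run/RunOnce keys, the BIOS description keys, the Geo\Nation value); the report does not say which values this sample actually touched. SAMPLE_TRACE is constructed data. The SetThreadContext rule deliberately fires only for the hollowing chain (create suspended, write into the child, set its context) so that a SetThreadContext on an unrelated process does not count.

```python
"""Evaluate sandbox-style behavioral signatures over a constructed API trace.

Added example; the ApiCall shape, API names and argument keys are assumptions,
not the format of any real sandbox. Registry paths are the standard Windows
locations each signature refers to, not values reported for this sample.
"""
from dataclasses import dataclass, field
import re

CREATE_SUSPENDED = 0x00000004  # Win32 CreateProcess dwCreationFlags bit


@dataclass(frozen=True)
class ApiCall:
    pid: int                    # calling process
    api: str                    # Win32 API name as a monitor would log it
    args: dict = field(default_factory=dict)


# Registry signatures: (name, operation that must be seen, key-path regex).
# "query" covers read-only checks (sandbox / geofence); "set" covers persistence.
REG_RULES = [
    ("Modifies WinLogon for persistence", "set",
     r"^HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\"),
    ("Adds Run key to start application", "set",
     r"^HK(LM|CU)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\"),
    ("Checks BIOS information in registry", "query",
     r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(BIOS\\|SystemBiosVersion|VideoBiosVersion)"),
    ("Checks computer location settings", "query",
     r"^HKCU\\Control Panel\\International\\Geo\\Nation$"),
]
REG_OPS = {"RegSetValueExW": "set", "RegSetValueExA": "set", "NtSetValueKey": "set",
           "RegQueryValueExW": "query", "RegQueryValueExA": "query", "NtQueryValueKey": "query"}
DRIVE_APIS = ("GetDriveTypeW", "GetDiskFreeSpaceExW", "FindFirstFileW")


def registry_hits(trace):
    """Match each registry read/write against REG_RULES; a read never satisfies a 'set' rule."""
    hits = set()
    for call in trace:
        op = REG_OPS.get(call.api)
        if op is None:
            continue
        for name, wanted_op, pattern in REG_RULES:
            if op == wanted_op and re.search(pattern, call.args.get("path", ""), re.IGNORECASE):
                hits.add(name)
    return hits


def drive_enum_hits(trace):
    """'Enumerates connected drives': a drive root other than C: is probed."""
    roots = set()
    for call in trace:
        if call.api in DRIVE_APIS:
            m = re.match(r"^([A-Za-z]):\\", call.args.get("path", ""))
            if m:
                roots.add(m.group(1).upper())
    return {"Enumerates connected drives"} if roots - {"C"} else set()


def set_thread_context_hits(trace):
    """'Suspicious use of SetThreadContext': only the hollowing chain is flagged:
    CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory into that child by the
    same creator -> SetThreadContext on the child."""
    suspended = {}   # child pid -> pid that created it suspended
    written = set()  # suspended children the creator has written into
    for call in trace:
        a = call.args
        if call.api in ("CreateProcessW", "CreateProcessA") and a.get("flags", 0) & CREATE_SUSPENDED:
            suspended[a["child_pid"]] = call.pid
        elif call.api == "WriteProcessMemory" and suspended.get(a.get("target_pid")) == call.pid:
            written.add(a["target_pid"])
        elif call.api == "SetThreadContext" and a.get("target_pid") in written:
            return {"Suspicious use of SetThreadContext"}
    return set()


def triage(trace):
    """All signature names fired by the trace, sorted for stable output."""
    return sorted(registry_hits(trace) | drive_enum_hits(trace) | set_thread_context_hits(trace))


SAMPLE_TRACE = [  # constructed trace for illustration; not data from the report
    ApiCall(1000, "RegQueryValueExW", {"path": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"}),
    ApiCall(1000, "RegQueryValueExW", {"path": r"HKCU\Control Panel\International\Geo\Nation"}),
    ApiCall(1000, "RegQueryValueExW", {"path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell"}),
    ApiCall(1000, "RegSetValueExW", {"path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
                                     "data": r"explorer.exe,C:\Windows\System32\dropped.exe"}),
    ApiCall(1000, "RegSetValueExW", {"path": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
                                     "data": r"C:\Windows\System32\dropped.exe"}),
    ApiCall(1000, "GetDriveTypeW", {"path": "C:\\"}),
    ApiCall(1000, "GetDriveTypeW", {"path": "D:\\"}),
    ApiCall(1000, "CreateProcessW", {"child_pid": 1200, "flags": CREATE_SUSPENDED}),
    ApiCall(1000, "WriteProcessMemory", {"target_pid": 1200}),
    ApiCall(1000, "SetThreadContext", {"target_pid": 1200}),
    ApiCall(1000, "ResumeThread", {"target_pid": 1200}),
]

if __name__ == "__main__":
    for name in triage(SAMPLE_TRACE):
        print(name)
```

Feeding SAMPLE_TRACE to triage() yields five of the report's signatures plus the drive enumeration one; the read-only query of the Winlogon key on its own does not fire the persistence rule, and neither a lone SetThreadContext nor one where the memory write came from a different process fires the hollowing rule.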