General
Target: c101131318f582f4e5cbb47f039efcb1ce9de2446fc9870892e82933d0fe8fb2
Size: 605KB
Sample: 221203-cd3r4sed22
MD5: 68b23221d1af190c3bfadd23fc64e87d
SHA1: 1e6ae48e30d17c3e2acab6f1567ec2b380391e82
SHA256: c101131318f582f4e5cbb47f039efcb1ce9de2446fc9870892e82933d0fe8fb2
SHA512: ebe0a16676545a37d5692b75abc552f35f69a14a4d04c0b12f9021fcbc14ca3fdb1c59b59ae2f5b58bc8bdb69e15a8e2d041d738fadbf23e02ab6de7087e55be
SSDEEP: 6144:g/sxRbSSN0fItQTG2BDqVMRs3HaMlFZqGT2/dSfLpkPHR39OL85GUS4rg:ggSYjOGk8AVHU85
Static task: static1
Behavioral task: behavioral1
Sample: c101131318f582f4e5cbb47f039efcb1ce9de2446fc9870892e82933d0fe8fb2.exe
Resource: win7-20220812-en
Malware Config
Targets
Target: c101131318f582f4e5cbb47f039efcb1ce9de2446fc9870892e82933d0fe8fb2
Modifies firewall policy service
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Uses the VBS compiler for execution
Adds Run key to start application
Suspicious use of SetThreadContext