General
-
Target
adfc77638b14b736d74169bcb6943bc9f92a50dea1a0596a36880400cae5fdc0
-
Size
120KB
-
Sample
221204-2873rahh2x
-
MD5
369284a974fd9dc5fe6a7da812c9d40c
-
SHA1
407c2ab19dbcb1c883c7167ff7404a2788ee4023
-
SHA256
adfc77638b14b736d74169bcb6943bc9f92a50dea1a0596a36880400cae5fdc0
-
SHA512
b9767fb0e19f757ec268123c5c0304210ae29b66d9dc063341e6a5ed040dcd82605fd337820b6970338c04d1de0394380ec50d714e839a4863bc8b1054d76077
-
SSDEEP
3072:0Xqc+pYL51ZskXs7IeXRcMjPdqwboU1xY0w+O:0XEpwsk8z9FVz3Y0fO
Static task
static1
Behavioral task
behavioral1
Sample
adfc77638b14b736d74169bcb6943bc9f92a50dea1a0596a36880400cae5fdc0.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
adfc77638b14b736d74169bcb6943bc9f92a50dea1a0596a36880400cae5fdc0
-
Size
120KB
-
MD5
369284a974fd9dc5fe6a7da812c9d40c
-
SHA1
407c2ab19dbcb1c883c7167ff7404a2788ee4023
-
SHA256
adfc77638b14b736d74169bcb6943bc9f92a50dea1a0596a36880400cae5fdc0
-
SHA512
b9767fb0e19f757ec268123c5c0304210ae29b66d9dc063341e6a5ed040dcd82605fd337820b6970338c04d1de0394380ec50d714e839a4863bc8b1054d76077
-
SSDEEP
3072:0Xqc+pYL51ZskXs7IeXRcMjPdqwboU1xY0w+O:0XEpwsk8z9FVz3Y0fO
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-