General
Target: 9f932b1a95863ee39911bd5ea8d49ff17b0930f34ebcebae70d7f2ea6b130a2c
Size: 220KB
Sample: 221204-2ys6vade24
MD5: 2b8767529bdf678f3b6adb26da46f393
SHA1: d375c1af8dda778fbfb2898447838ffe245a9f8d
SHA256: 9f932b1a95863ee39911bd5ea8d49ff17b0930f34ebcebae70d7f2ea6b130a2c
SHA512: 57bd41e3284fa5ce51544a0301dfc677ca82ac1149240fffc6d5fe6a36ac2ae82a5b9ff948b3c66ac535bbf3e9b01b7133e2e6109d09fb831b689e95bdf3f27b
SSDEEP: 6144:vU5B0NZ2oFsETmEY83TN5ZZDbDBH+RBE0/F:QOtFsoVYAjmhF
Static task: static1
Behavioral task: behavioral1
Sample: 9f932b1a95863ee39911bd5ea8d49ff17b0930f34ebcebae70d7f2ea6b130a2c.exe
Resource: win7-20220901-en
Malware Config
Targets
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext