General
-
Target
ef51c68ec438cf1245fbbac8af8a2f38bcbe3cb2f9e105e46224fcaa8d52f9ab
-
Size
226KB
-
Sample
221204-l7km3add21
-
MD5
e1a68fd193ea6f726077f859cf44cfa9
-
SHA1
70cfa4d3cfd10afcf0aab0b95aef12e0ca021271
-
SHA256
ef51c68ec438cf1245fbbac8af8a2f38bcbe3cb2f9e105e46224fcaa8d52f9ab
-
SHA512
3bd74f85b94982b93e339b14ac7a1acb2ad95fb878ebe9b1a43736043e73e6b7082cf541e228519a09c989fe127ceab1bb558125fc351faecda27e6265e79023
-
SSDEEP
3072:9p1I47QE7GxrKLgp0kEEtPMIXHM+gRCM1m5bcT8ULR4g:bO4rgmzmxg9obg1O
Malware Config
Targets
-
-
Target
ef51c68ec438cf1245fbbac8af8a2f38bcbe3cb2f9e105e46224fcaa8d52f9ab
-
Size
226KB
-
MD5
e1a68fd193ea6f726077f859cf44cfa9
-
SHA1
70cfa4d3cfd10afcf0aab0b95aef12e0ca021271
-
SHA256
ef51c68ec438cf1245fbbac8af8a2f38bcbe3cb2f9e105e46224fcaa8d52f9ab
-
SHA512
3bd74f85b94982b93e339b14ac7a1acb2ad95fb878ebe9b1a43736043e73e6b7082cf541e228519a09c989fe127ceab1bb558125fc351faecda27e6265e79023
-
SSDEEP
3072:9p1I47QE7GxrKLgp0kEEtPMIXHM+gRCM1m5bcT8ULR4g:bO4rgmzmxg9obg1O
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-