General
-
Target
9e7f0d1ad6435bad3f7ef41860c0ab23d6da20962d9b6f27b186ca668241bc5f
-
Size
714KB
-
Sample
221205-m1na2sgb9t
-
MD5
45103e5ac9b49f10d50aa7406a9f4097
-
SHA1
30c3ba8b542e5eb73ee765c7dd97440f9f4c41ba
-
SHA256
9e7f0d1ad6435bad3f7ef41860c0ab23d6da20962d9b6f27b186ca668241bc5f
-
SHA512
b1c0b5fa5df5069b82913f082637846a77bf6028ca432edc02f8c087c7619228937dc29b5a1fdeefda3e36b491371f4b947879f9bd78fa8b2aa3ba7efacc2077
-
SSDEEP
12288:B2pr0l2ZmCnrv6h+7Mt1Q33S+n5zN7O7PrgsJc4KdlOo+h2f3DqWl:grA2MCv6h+QtC33Sgh74LcOph2PDF
Malware Config
Targets
-
-
Target
9e7f0d1ad6435bad3f7ef41860c0ab23d6da20962d9b6f27b186ca668241bc5f
-
Size
714KB
-
MD5
45103e5ac9b49f10d50aa7406a9f4097
-
SHA1
30c3ba8b542e5eb73ee765c7dd97440f9f4c41ba
-
SHA256
9e7f0d1ad6435bad3f7ef41860c0ab23d6da20962d9b6f27b186ca668241bc5f
-
SHA512
b1c0b5fa5df5069b82913f082637846a77bf6028ca432edc02f8c087c7619228937dc29b5a1fdeefda3e36b491371f4b947879f9bd78fa8b2aa3ba7efacc2077
-
SSDEEP
12288:B2pr0l2ZmCnrv6h+7Mt1Q33S+n5zN7O7PrgsJc4KdlOo+h2f3DqWl:grA2MCv6h+QtC33Sgh74LcOph2PDF
Score8/10-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-