General
- Target: windll32.exe
- Size: 57KB
- Sample: 221207-gdfd2acf81
- MD5: 3c7f22b2aec2778946449c555b71abf9
- SHA1: 230eb5af23d0fd72331f056e4b6bdb3d43c6671a
- SHA256: 51db4d2c54e299ae26b3085633aa79476560f9a2f5cc4328683cdee5fb6591fe
- SHA512: cd1a439ba1b8e11d7203ed5cbe145245017ab8980feb08c3786ebb493b847cfab9934eb4fff3bc99f71594c05092c31fe78a6a86bfa2fa4089ee9ebd5afee85b
- SSDEEP: 1536:8uYH9T34l26qvDm3bbXSMZyuB3ibtdXxKDHz/kP0N:8uYdT34l26QDm3bbFl2t1xKXkP0N
Behavioral task: behavioral1
- Sample: windll32.exe
- Resource: win7-20221111-en
Malware Config
Targets
- Target: windll32.exe (same sample as listed under General)
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2