General
-
Target
SecuriteInfo.com.Trojan.Garf.Gen.6.7190.31519.exe
-
Size
272KB
-
Sample
221213-e4tm8sde74
-
MD5
1d4d868cf4d8698f270a73cd58c7f41f
-
SHA1
1b16a35ff3b7656262ebdce1e2fdc0148ad3bf4e
-
SHA256
afb4878ecf77a506fee3c5d2b817d8197edd0df8baddb32563027023e6bf35cc
-
SHA512
7c5ffc0bbb762803b57899dc93055e29c60f4fbbf4577a76d3b81ca60a3a2f9c48c8e20abccc5e8aa009efe3261a96566b350caadac6793358b46e63c92543be
-
SSDEEP
6144:9kw0oUn1IawKrpSts87Jsaz1Dq5RIzEuSX205hfBO:goU1YKrpStsotDq5R89KrXs
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Garf.Gen.6.7190.31519.exe
Resource
win7-20221111-en
Malware Config
Extracted
formbook
scse
SKpYFyVNT2zunKf0uuM=
FlEHUseI7I5XbrO8fR/XBcS9ZA==
FPuxoUOxkLiATugw
VKdxsDSk0jdT5Kw=
FpqHf9iI/1tl97E=
YGI6sIl3UIxfZvlD+JiUuuLR
oBAEO0suBEAD5aK00A==
RKJqTzg4gQ/Q6DYSuTjDGkwuyl0ik5Kb8w==
VFg9s3W0/Ype8A3cZb+D7g==
hwD+VNd6014nrsaTWm4FBcS9ZA==
zkAdUq1soKYUfZaTqLmL
XVQ9WbRivUIQ477a/hKv+g==
QireF2geizAwmp674AGc5g==
PSTUQxs6j8OATugw
LHJhyy2VbX8NEqf0uuM=
MiY1vg6T3HqATugw
wqkUjaVXnGgBqA==
jUr/eUtSIT01Wegt
PjQidcqKzAbSZICUZb+D7g==
OkAmcv12sUEAIHwFHakzdIo2FPHw
zyDLsw+3I3H6gnaGZb+D7g==
ll0HRs5IJGxCZMJPahHgOt2RqjU=
YqaIEokHuw6V
jGJG11YCObJ+IQIXCW8KU+ZcbA==
jv4ITr8zITdT5Kw=
nXYro3yHe5YV5aK00A==
rJt1IPkxeQDUayhVCJyUuuLR
oFwz1DUU/RdD5aK00A==
FHlVTKEVIRFE5aK00A==
8GhjL2lJOWD+5aK00A==
k3BLouunGsagwhAi6oeUuuLR
p45GiQN5bZMjR9karDwDa442FPHw
Zdd7rVCKu/b3TIVU6t/lP92RqjU=
wyjxGjYHuw6V
nW5RrwV6yTdT5Kw=
itzGDGclWW4SqnLBSWH5Pt2RqjU=
8zwgceJYRWn+DKf0uuM=
EmojFmj027tsHrs=
ExQEPY5UyyS00HPvNNCH8w==
laiGCZRTkbg/XAl/Zb+D7g==
wYQysWBl+DdT5Kw=
MWo3rYV3XoAJ5aK00A==
hnht0SrcDR+XpjV6H6WUuuLR
rxqw6S7qG8A=
aEcfph/RAUAcfZYnXOw=
EXdVkuuzJ8eEjkTROs2D
MDYsc8l6w0wM7ZOiyQ==
Rw3XPwT+8UID5aK00A==
zDPp+Pskft/5iqS+0Q==
Z8h8hYCm/ULHXQ+YY2kJBcS9ZA==
vTDkm31vabx5EfoFMjLsVpBlz+fQfg==
+EcrRpZyp7tFba65dhvXBcS9ZA==
rHVJpwl6dLSATugw
gUoTghFSoTMpiXyQe9N3uOjQ
47Zwn/CkFQCty07ROs2D
NYkP+jcHuw6V
nfvdFnkHuw6V
L4piRRhAmfwGKITjemhRkmQ=
s6Jdx36Q+t5U7LE=
58iYH6dVmzYCnHZ/Zb+D7g==
IQ/WHZJWuVUD5aK00A==
Cf6t72PUxhnicjvBiFxqP0o2FPHw
DQr7l4R4rlEJ5aK00A==
62gezKeQv8mIIBbcZb+D7g==
kmuregister.com
Targets
-
-
Target
SecuriteInfo.com.Trojan.Garf.Gen.6.7190.31519.exe
-
Size
272KB
-
MD5
1d4d868cf4d8698f270a73cd58c7f41f
-
SHA1
1b16a35ff3b7656262ebdce1e2fdc0148ad3bf4e
-
SHA256
afb4878ecf77a506fee3c5d2b817d8197edd0df8baddb32563027023e6bf35cc
-
SHA512
7c5ffc0bbb762803b57899dc93055e29c60f4fbbf4577a76d3b81ca60a3a2f9c48c8e20abccc5e8aa009efe3261a96566b350caadac6793358b46e63c92543be
-
SSDEEP
6144:9kw0oUn1IawKrpSts87Jsaz1Dq5RIzEuSX205hfBO:goU1YKrpStsotDq5R89KrXs
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-