General
- Target: c59591667e3592188badb37d5b494cf93518e104219cbe91c74c9753ab74ea8e
- Size: 120KB
- Sample: 230129-jbkbbafc9x
- MD5: 016030e3fd20263c5e903d8713316c7a
- SHA1: 7b1c61052a9046ee1639b61b89e012021aa63bcc
- SHA256: c59591667e3592188badb37d5b494cf93518e104219cbe91c74c9753ab74ea8e
- SHA512: 113cfcaeb8bb5b7bc35047341a345fc50086081cb02e7ec5cd3f8327bbf3cd9fbcf744bd849bbf6804ada30683c8e7605cd68d8e976763414f09cf43619e473e
- SSDEEP: 3072:Ig+3fh/PHrgNUqOBx4J2vNbGfvGnd3gW5ZM4/uBnz:h+3fRb9NdndPZMTF
Behavioral task: behavioral1
- Sample: c59591667e3592188badb37d5b494cf93518e104219cbe91c74c9753ab74ea8e.exe
- Resource: win7-20221111-en
Malware Config
Targets
- Target: c59591667e3592188badb37d5b494cf93518e104219cbe91c74c9753ab74ea8e
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application