General
Target: 5584609358f190dce39598caf9c00155.bin
Size: 9.2MB
Sample: 230217-bk4sbada79
MD5: 5584609358f190dce39598caf9c00155
SHA1: 660e71120385ad91ac3819e7d7298026264b3311
SHA256: 5fcc3e36cdd9efe4ae318000c1d991c0df8693a839f82a6212526069c5d9152e
SHA512: cc5ac830e022bc768bd38889b969111223aa89126b9bcd2af116aa392e5f415846c897de69a624f3528f6befc3fdafd81662383b31e24a51e5c10013805a7fcc
SSDEEP: 196608:tg2E6whhYzx6WqKMzqZlhswNo2X/8d8BKsQTmXMJ:tg2Xzx6W9SeT08kVaXMJ
Static task: static1
Behavioral task: behavioral1
Sample: TeamViewer QS V11.exe
Resource: win7-20221111-en
Malware Config
Targets
Target: TeamViewer QS V11.exe
Size: 9.4MB
MD5: 199769cacd06b985dc18c32eef5234bc
SHA1: cd69d0b21a375fae431517b53ce6489d8bf45fbd
SHA256: fbe4c2bdb3e870c335f5f9d12967bd04695d0100d97a19b069acbac713ab47a8
SHA512: 87ec7583864d176183636d392b17deed78adfaa5d22d07430408562177b1d9e10b95398a1852a19e6e1fed4b91c35ee3cbd9f303be5bbfdf4edcf89b7716e9b0
SSDEEP: 196608:sUaqygKJFy1lSC+qCren5HKoJ6qVx+P+HywuPcBEH:VaqF1lSCfmcx6+S7kBEH

Suspicious use of NtCreateUserProcessOtherParentProcess

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL