General
-
Target
aa6f1c111191b58f7c606f8b4493bd5c.exe
-
Size
2.2MB
-
Sample
230331-gqb75sab3y
-
MD5
aa6f1c111191b58f7c606f8b4493bd5c
-
SHA1
d8e6d1b8186ef7dda0a088fdc374f1370a77c091
-
SHA256
c700525de4c86440dd87d3b66453796a7633d904000e88d937c908941f0b9a17
-
SHA512
a1f8ea9c67164fed8677e4ab6a400da68bade9ade6b1f4c35b0c5b46f5f4b5f7e9d4de364223b1f0348e5be9cc875c4c8c4af4a07afbedc0b073ae469d7bb534
-
SSDEEP
24576:fzloknFW3cOAgWEUnqVzvXDpsTQmsQ/nK+TfgM7L/wLx4l2f+dlUoXVq:fz+knFW1aqVzfDEjSY
Static task
static1
Behavioral task
behavioral1
Sample
aa6f1c111191b58f7c606f8b4493bd5c.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
aa6f1c111191b58f7c606f8b4493bd5c.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
systembc
89.22.225.242:4193
195.2.93.22:4193
Targets
Score
10/10
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-