General
-
Target
49f227f4711ee473da73cefa669d6e0e.bin
-
Size
390KB
-
Sample
230412-cn82waaf21
-
MD5
6a61e5763fb6af2d96578a1857ca0f18
-
SHA1
9c712ad595105e9b91eac07e4718324d782914c0
-
SHA256
6ff88fc070118d3dbffb5c1b7cf3a328d1d82f741418038d974f4406d8c1a93b
-
SHA512
12001dc3d62a9a68bea8124a6016b2335523dd9eab34c4b2ad7f046800193177ce13da3bbf572cff4a66a1285d862f5f19ec4fdb382e809664611fc16036a5e5
-
SSDEEP
6144:Lj2pLh3Im6X0czptvJSMEmCtAMVJxCQSjxtmxuVUwnxyBFTX5MKn4wqbZr09:qam4nGtbVGJ7xVxnxyTXpn4nbZI9
Behavioral task
behavioral1
Sample
9ef45e8fc3c3333a7d2e95de498b82d09b11a3df6253fa172b7db084726a5c4e.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
9ef45e8fc3c3333a7d2e95de498b82d09b11a3df6253fa172b7db084726a5c4e.exe
Resource
win10v2004-20230221-en
Malware Config
Targets
-
-
Target
9ef45e8fc3c3333a7d2e95de498b82d09b11a3df6253fa172b7db084726a5c4e.exe
-
Size
821KB
-
MD5
49f227f4711ee473da73cefa669d6e0e
-
SHA1
5af5186ee656020ee301c48dd92b9720d3ccf4ad
-
SHA256
9ef45e8fc3c3333a7d2e95de498b82d09b11a3df6253fa172b7db084726a5c4e
-
SHA512
63abcd3ef56ecfa80fed804c7993a0e54ab9d0fdf7bd15c5379f6e16ccd56f230edcb0d6c559cd837a892ff50b4944aaaec9bf95a253460352dbb14fbbb7249f
-
SSDEEP
12288:TFLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafLo6vUTyl0w/q9jJ:h3nbWmJVJFwSddIXvfhqbiaxvRxq9
Score10/10-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-