General
-
Target
b16d9a488d91cad20084d64c7cdcf356.bin
-
Size
17KB
-
Sample
230524-bxhevaac58
-
MD5
3e8ff262662b0267d793ce8b74a2a97a
-
SHA1
cb2cc90b213318b20a6db85fa7b06a2ba1663648
-
SHA256
763c744e5563d6c5337f15963631cade18ff3baf53badbf6b6d060a6493fb494
-
SHA512
d62c8a01ad6310bc9e7d32c96a75c30676d602b7806a81669332d06fecfe78649434d73b14094f300af2f971cd89f0896d2ec6da9acc95cc16e1e173015d25cb
-
SSDEEP
384:2Ehcu41jA1PLBXmKvOx0hlKwQHYWaZjxvRAHuV3JsfCGT2:29uf1NJOx8le07COV3iZ2
Malware Config
Targets
-
-
Target
b16d9a488d91cad20084d64c7cdcf356.bin
-
Size
17KB
-
MD5
3e8ff262662b0267d793ce8b74a2a97a
-
SHA1
cb2cc90b213318b20a6db85fa7b06a2ba1663648
-
SHA256
763c744e5563d6c5337f15963631cade18ff3baf53badbf6b6d060a6493fb494
-
SHA512
d62c8a01ad6310bc9e7d32c96a75c30676d602b7806a81669332d06fecfe78649434d73b14094f300af2f971cd89f0896d2ec6da9acc95cc16e1e173015d25cb
-
SSDEEP
384:2Ehcu41jA1PLBXmKvOx0hlKwQHYWaZjxvRAHuV3JsfCGT2:29uf1NJOx8le07COV3iZ2
Score1/10 -
-
-
Target
fbb8623e06fa0ae61b4c276c785fc262a4ae5c1a1709b17d63960d41c79e0dd6.exe
-
Size
79KB
-
MD5
b16d9a488d91cad20084d64c7cdcf356
-
SHA1
b05704e9388d9800cbfbc9b2f9f59d9a87bdb497
-
SHA256
fbb8623e06fa0ae61b4c276c785fc262a4ae5c1a1709b17d63960d41c79e0dd6
-
SHA512
aae667a006d46daaeff4bbac0b32d3679ba767ffb22e0176ed3eccee21fd07aa3276fc371acd980c6c0d4c5670040dba7959b1c94daf3ffdfc4a1e663f1a93b7
-
SSDEEP
1536:HDzavlhLzteVHMB/LZ78qgWABKJQYgTHa7qdkTWNAGRYp4xfi8MK9L+fqA:HbgK9L+fqA
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-