General
-
Target
Anarchy Panel 4.7.rar
-
Size
5.4MB
-
Sample
230620-abg2hsha27
-
MD5
0339f9df349f374160d3ec255755ccd0
-
SHA1
495d2b96407119f9fbf7d7acfe389b22aacf13dc
-
SHA256
5a25c825e231e59b74d37cf66f9e048ba0785d209f37e55eb9e56dd8ed4939cf
-
SHA512
34c77d765cf6c323adb3b8f3758af265051666ee218baa6cec54d5aa6b717e5717935d9acc95abe63ff988f6cd2483d7711882d108c5e4abb7eb1b3bfc4bc7fe
-
SSDEEP
98304:MrTK0ZAmeGx8Fzgq4obMgPvVDF8CWT9ik09twYHglQCyyTwgo855TjvaIQZucnEb:M5A1GI4obTPvs99i8YBCnT75l/Kxnbmt
Behavioral task
behavioral1
Sample
Anarchy Panel.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
https://rentry.org/nipkv/raw
Targets
-
-
Target
Anarchy Panel.exe
-
Size
71KB
-
MD5
921b80699829ba456a35ff4a4cc16861
-
SHA1
f01420e7dd677d50763c8344d33549076734682a
-
SHA256
a94809a32eb1cee1f9490410fe9592790fe00802c620b1b881fb0c8815b1efba
-
SHA512
a8d2650a9f7290ddaff5c0b1a842cfd4f473f91f23fc8d7f07294c528eb98cca63a48a5f5552c4bf33465f59b9f74fbc3c9d783064e927e8974ca316893c2bf1
-
SSDEEP
384:A67eCgMkHDsar3lL9O65uJor+1kKQmQhVXZzyM9MpPYAhk5:AFla6/wmhrV2pL
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-