General
Target: bf6b65610b30d30cf1809513c2a04fa1827ddc9d89cb6ee8c1bdbd96259711a2
Size: 399KB
Sample: 230921-y99q7aad3v
MD5: 7b3f7614fedcec2f47b38f3967f47aef
SHA1: 0d5b8f38c9c2a2aaffd8337839d64350c7acb41e
SHA256: bf6b65610b30d30cf1809513c2a04fa1827ddc9d89cb6ee8c1bdbd96259711a2
SHA512: 12da78f689fd51819fc10fd4039b756bb89f37e87a1b4c678f2e278d81277fbf75e8fe4b981c7a1cd22ecc821259e4fdd6119dd8491b67b239c1b2a45e48f1b3
SSDEEP: 6144:qKiYJL+K7EQ5vrt5AVfL8haEK4sDzLPFocEOkCybEaQRXr9HNdvOa:WqEU0Vf4ha0sDzoOkx2LIa

Static task: static1

Behavioral task: behavioral1
Sample: bf6b65610b30d30cf1809513c2a04fa1827ddc9d89cb6ee8c1bdbd96259711a2.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: bf6b65610b30d30cf1809513c2a04fa1827ddc9d89cb6ee8c1bdbd96259711a2.exe
Resource: win10v2004-20230915-en
Malware Config
Targets
Target: bf6b65610b30d30cf1809513c2a04fa1827ddc9d89cb6ee8c1bdbd96259711a2
Score: 10/10

Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Unexpected DNS network traffic destination: network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory