General
-
Target
999396ef653e77f7fd6ef685fc7ca54de66c19b39e17a5986bfd99130a03b673
-
Size
715KB
-
Sample
231009-mfgb1acb5s
-
MD5
9624fcdfbe8cc7b9525ba83e88432c37
-
SHA1
504f631044accfd8037b151300d3c2675bfca7c1
-
SHA256
999396ef653e77f7fd6ef685fc7ca54de66c19b39e17a5986bfd99130a03b673
-
SHA512
7ff20f1592af1afc9bf04d76866e3672986a761b63ee651137ebd2047ef9af71faa7b277c3fedb5254e5af102db86bcf916018558911ca7788f9e713efe05210
-
SSDEEP
12288:E2hWqY6jkFzcBZV4JiNSzYElBmu6i8B+MdTS3PgF9N1EXLTMZ3xFSpiOoF/4AiqT:EKLMeZKJLXOi8B+3c9XULAZhFSAFF/Ga
Behavioral task
behavioral1
Sample
999396ef653e77f7fd6ef685fc7ca54de66c19b39e17a5986bfd99130a03b673.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
999396ef653e77f7fd6ef685fc7ca54de66c19b39e17a5986bfd99130a03b673.exe
Resource
win10v2004-20230915-en
Malware Config
Targets
Score
10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-