General
Target: 7c9ca675108ae6a5d20547bd9890f30b6ead8668d341fa0e4fa2c8dc4ee0dbab
Size: 4.4MB
Sample: 231111-xesczsah9x
MD5: 281cf230dc169cee620324e3955480b7
SHA1: 0a230acd7912b405bb0b12f64bd172622f0dd54c
SHA256: 7c9ca675108ae6a5d20547bd9890f30b6ead8668d341fa0e4fa2c8dc4ee0dbab
SHA512: 065fbe92c2d9f863b04d5a365bd82863d2a46b694d6f26ac8f767cf191f5d46873be53cee38f6c15049b2305d9f74e72dfa5d0e123bac0cf40cc764d5176a2fc
SSDEEP: 98304:ls4iK7Ps1sByTaPs1sByTXs4iKXPs1sByTk:NBNBoBZ
Static task: static1
Behavioral task: behavioral1
Sample: 7c9ca675108ae6a5d20547bd9890f30b6ead8668d341fa0e4fa2c8dc4ee0dbab.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: 7c9ca675108ae6a5d20547bd9890f30b6ead8668d341fa0e4fa2c8dc4ee0dbab.exe
Resource: win10v2004-20231020-en
Malware Config
Targets
Target: 7c9ca675108ae6a5d20547bd9890f30b6ead8668d341fa0e4fa2c8dc4ee0dbab
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Drops file in System32 directory
-