General
Target: b3d81882d0e7c3cb210c0d4dbccfec8c474b93406cd256643ca4bd28599236f8
Size: 223KB
Sample: 231204-ew4s8sgh82
MD5: 3b56ed37bc8b0c07c6f2791cdc5b115a
SHA1: 709f7ec5c723a2dc101aba5ff897582a72681985
SHA256: b3d81882d0e7c3cb210c0d4dbccfec8c474b93406cd256643ca4bd28599236f8
SHA512: e81b3e44c1fa0ee0b0eb113e7c3735533d3e1b0dd6d681f9a57af8bf6be7eee1981a1d145a6763082c653d4d06b00cb83551fe60f5599997f5d2ec7f3c03b5fe
SSDEEP: 3072:yZ7wXfSRZ0ON/EwW66wN94xu4CkAZJM2k5D66L+NfGbVON2Nqi/6gS5UoWXHz72n:ewPSUONLNsuWA7koN+boRi9S6oiz72D
Behavioral task
behavioral1
Sample: b3d81882d0e7c3cb210c0d4dbccfec8c474b93406cd256643ca4bd28599236f8.exe
Resource: win7-20231023-en
Malware Config
Targets
Target: b3d81882d0e7c3cb210c0d4dbccfec8c474b93406cd256643ca4bd28599236f8
Size: 223KB
MD5: 3b56ed37bc8b0c07c6f2791cdc5b115a
SHA1: 709f7ec5c723a2dc101aba5ff897582a72681985
SHA256: b3d81882d0e7c3cb210c0d4dbccfec8c474b93406cd256643ca4bd28599236f8
SHA512: e81b3e44c1fa0ee0b0eb113e7c3735533d3e1b0dd6d681f9a57af8bf6be7eee1981a1d145a6763082c653d4d06b00cb83551fe60f5599997f5d2ec7f3c03b5fe
SSDEEP: 3072:yZ7wXfSRZ0ON/EwW66wN94xu4CkAZJM2k5D66L+NfGbVON2Nqi/6gS5UoWXHz72n:ewPSUONLNsuWA7koN+boRi9S6oiz72D
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Unexpected DNS network traffic destination: network traffic on the DNS port to servers other than the configured DNS servers was detected.
- Drops file in System32 directory