General
Target: 33515dfe5a94b94cb9ee0a9a16382122
Size: 384KB
Sample: 231231-m1kj6aafh3
MD5: 33515dfe5a94b94cb9ee0a9a16382122
SHA1: adf90ac60bd43cfa3a343dc979f2945f7d915ff4
SHA256: de7e6ad14fab46300439e118fffb7791d176aee4b7d477daf89790aaef201310
SHA512: e87fa3e960256181bacf9e4aafbdb51561aad75a6ed6450d1a8a2b1ab9d6c789a81e9b723f10bdf4137665046c488547460dbf18b34359e86ff8a57174a36486
SSDEEP: 6144:VbxFvlmYWKsHOMQycl7+xJhyoKyWuxEAwy2G9Xln9Psp5HBKQhdk:FdW0NBeioSuxEQ2G9nU/EWdk
Static task: static1
Behavioral task: behavioral1
  Sample: 33515dfe5a94b94cb9ee0a9a16382122.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 33515dfe5a94b94cb9ee0a9a16382122.exe
  Resource: win10v2004-20231215-en
Malware Config
Targets
Score: 10/10
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Modifies Installed Components in the registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Suspicious use of SetThreadContext