General
- Target: 3a9bea575b30cfd41acd3e56d19d6517
- Size: 412KB
- Sample: 231231-vsrbqsbbgj
- MD5: 3a9bea575b30cfd41acd3e56d19d6517
- SHA1: d92d731e2c7f109fde5d20fd303e342eeee1ddf4
- SHA256: 8ee999c4bee3d8fa2160c2e7ac53f0b4f2ad31f0c09d2e6cff1267bed574da2b
- SHA512: 163ddcd7e2c8a3b62985a7312d39e3493ba5dc0eff802fc8474f7fcb9892c05e9861aaad806ca470da244f83339100b537381ca94a9a5445e432e76ac9156b30
- SSDEEP: 12288:RBUA/Tge+WezLDldza2YVnNT5CQvCeGR:RBUAE9LR1afn7vl
Static task
- static1
Behavioral tasks
- behavioral1: Sample 3a9bea575b30cfd41acd3e56d19d6517.exe, Resource win7-20231129-en
- behavioral2: Sample 3a9bea575b30cfd41acd3e56d19d6517.exe, Resource win10v2004-20231215-en
Malware Config
Targets
- Target: 3a9bea575b30cfd41acd3e56d19d6517 (412KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
- Modifies WinLogon for persistence
  Winlogon's Shell and Userinit values are commonly altered (for example, a second executable appended to Shell) so that the dropped binary runs at every interactive logon; during triage compare them against the defaults explorer.exe and C:\Windows\system32\userinit.exe, respectively.
- Disables RegEdit via registry modification
  The DisableRegistryTools policy value blocks regedit for the affected user, hampering manual cleanup.
- Disables Task Manager via registry modification
  The DisableTaskMgr policy value blocks Task Manager, so the running process is not visible to a casual user.
- Modifies Installed Components in the registry
  Active Setup's Installed Components keys run their StubPath once per user at logon, a second persistence path that survives removal of the Run key entry.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence so the sample skips execution in certain regions.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Suspicious use of SetThreadContext
  Setting another thread's context is a building block of process hollowing and other injection techniques, so the dropped EXE may not be the process that ultimately carries the payload.
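As an added example (not part of the sandbox report, and not code from the analysed sample), the script below triages a `.reg` export for the registry changes the signatures above describe: Winlogon Shell/Userinit tampering, the DisableRegistryTools and DisableTaskMgr policy values, Run key entries, and Active Setup Installed Components stubs. It is written in Python so it can run offline on an analyst workstation over exports collected with `reg export` from a suspect host. The embedded export, its paths and the Active Setup GUID are constructed for illustration and are not values recovered from this binary; the "trusted directory" heuristic is an assumption of this example, not the sandbox's logic.

```python
"""Triage a .reg export for the persistence and policy changes flagged above.
The SAMPLE_REG below is CONSTRUCTED to look like an infected machine; nothing
in it was recovered from the analysed binary."""
import re
import sys
from typing import Dict, List, Tuple

RegKeys = Dict[str, Dict[str, object]]

# Constructed export. A clean machine has Shell=explorer.exe, Userinit pointing
# only at system32\userinit.exe, and no DisableRegistryTools/DisableTaskMgr.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe, C:\\Users\\Public\\svchost.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\Public\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-1111-2222-3333-444444444444}]
"StubPath"="C:\\Users\\Public\\svchost.exe /silent"
'''

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
POLICIES = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
RUN_KEYS = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
            r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run")
ACTIVE_SETUP = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"
# Assumed heuristic: autostart entries outside these directories deserve a look.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def parse_reg(text: str) -> RegKeys:
    """Parse the .reg subset `reg export` emits: [key] headers, "name"="str"
    and "name"=dword:hex. Other value types (hex(2), hex(7), ...) are kept raw."""
    keys: RegKeys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = _VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name = "@" if m.group(2) else m.group(1)
        data = m.group(3)
        if data.startswith("dword:"):
            keys[current][name] = int(data[len("dword:"):], 16)
        elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            # .reg strings escape backslashes and quotes; undo that here.
            keys[current][name] = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        else:
            keys[current][name] = data
    return keys


def _untrusted(cmd: str) -> bool:
    path = cmd.strip().strip('"').lower()
    return not path.startswith(TRUSTED_DIRS)


def triage(keys: RegKeys) -> List[Tuple[str, str]]:
    """Map registry state to the report's signature names, with evidence."""
    findings: List[Tuple[str, str]] = []
    wl = keys.get(WINLOGON, {})
    shell = str(wl.get("Shell", "explorer.exe"))
    # Shell is comma-separated; anything besides explorer.exe is an extra autostart.
    if [s for s in shell.split(",") if s.strip().lower() != "explorer.exe"]:
        findings.append(("Modifies WinLogon for persistence", f"Shell={shell}"))
    userinit = str(wl.get("Userinit", r"C:\Windows\system32\userinit.exe,"))
    parts = [s.strip().lower() for s in userinit.split(",") if s.strip()]
    if len(parts) != 1 or not parts[0].endswith("\\system32\\userinit.exe"):
        findings.append(("Modifies WinLogon for persistence", f"Userinit={userinit}"))
    pol = keys.get(POLICIES, {})
    if pol.get("DisableRegistryTools") == 1:
        findings.append(("Disables RegEdit via registry modification", "DisableRegistryTools=1"))
    if pol.get("DisableTaskMgr") == 1:
        findings.append(("Disables Task Manager via registry modification", "DisableTaskMgr=1"))
    for run in RUN_KEYS:
        for name, cmd in keys.get(run, {}).items():
            if _untrusted(str(cmd)):
                findings.append(("Adds Run key to start application", f"{name}={cmd}"))
    for key, vals in keys.items():
        stub = vals.get("StubPath")
        if key.startswith(ACTIVE_SETUP + "\\") and stub is not None and _untrusted(str(stub)):
            component = key.rsplit("\\", 1)[-1]
            findings.append(("Modifies Installed Components in the registry",
                             f"{component} StubPath={stub}"))
    return findings


if __name__ == "__main__":
    # Real `reg export` files are UTF-16LE with a BOM, hence encoding="utf-16".
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_REG
    for sig, evidence in triage(parse_reg(text)):
        print(f"[{sig}] {evidence}")
```

Run it with no arguments to see the findings for the constructed export, or pass a file produced by `reg export HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon winlogon.reg` (and the other keys above) from the suspect host. Exporting the Policies\System key from the user's hive before cleanup also preserves evidence of the DisableRegistryTools and DisableTaskMgr changes.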