General
-
Target
3f3d808337ba37b3013b0608efad392a
-
Size
392KB
-
Sample
240103-2vs2nsedh7
-
MD5
3f3d808337ba37b3013b0608efad392a
-
SHA1
37639523cf3e0509c21ffc124cb710ebd8e74502
-
SHA256
18d77a2168ca12cb5b3b695a0654e7bb50d24fb554529132c33a5ab760599ae2
-
SHA512
c561d845cae9bab768f19f765d376c38057ebb6973d546b1a12171166b6bb9bcdaf0ccf8885be413267f3b8ae8037b715e4f5938e0b33df704989d8dca9a04d1
-
SSDEEP
12288:JmwxUSwiFoKdvOB6O9q77JUKuYHHHlX90/hP2losVd7lCrrHI8/iEGcKbBItywcN:J/xUSwiFoKdvOB6O9q77JUKuYHHHlX9B
Static task
static1
Behavioral task
behavioral1
Sample
3f3d808337ba37b3013b0608efad392a.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
3f3d808337ba37b3013b0608efad392a.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
3f3d808337ba37b3013b0608efad392a
-
Score
10/10
-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Modifies WinLogon
-
Suspicious use of SetThreadContext
-