General
-
Target
66032aec342c85d912e0f682e61cc57e
-
Size
271KB
-
Sample
240118-zpkr1ahahm
-
MD5
66032aec342c85d912e0f682e61cc57e
-
SHA1
464dfe3c7583cc220b873d2907802e42b6bbfbef
-
SHA256
473e8c50cf9373499feaad7d20e43d6bbfd8dc6003b6a03d5f8eeee268ad3140
-
SHA512
4ae423d3e88873ae14f8afce831f2b5fb1a7fb2c01f65ad25a3461ecf696e057871249a2c2cd8d9143c4c0ef76f5d3d0efa1fb06d094369b6bd2e02f570ac4a9
-
SSDEEP
6144:jQqsvP4oaeNqL8v1wnLAfEZg4mLwZNWZ9sqkXW:IDaeoL8OEEZg5LwZYIqoW
Static task
static1
Behavioral task
behavioral1
Sample
66032aec342c85d912e0f682e61cc57e.exe
Resource
win7-20231129-en
Malware Config
Targets
-
-
Target
66032aec342c85d912e0f682e61cc57e
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
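Apart from the BIOS and location lookups, every registry signature above is a write, so a responder can re-check a suspect host offline from a `reg export` of the Winlogon, Policies\System and Run keys. The script below is an added example, not part of the sandbox report or of any Triage tooling: it parses a constructed `.reg` export (the file paths, value contents and the "update.exe" name are assumptions for illustration) and maps what it finds to the signature names used on this page. Reads such as the BIOS and country-code lookups leave no trace in an export and need an API trace or process monitoring instead.

```python
import re

# Constructed .reg export (not taken from the report): what `reg export` of the
# relevant keys might look like on a host infected by a sample behaving as the
# signatures above describe. Paths and the "update.exe" name are assumptions.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\Public\\update.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe\""
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
'''

_VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
POLICIES_SYSTEM = r"\Microsoft\Windows\CurrentVersion\Policies\System"
RUN_KEYS = (r"\Microsoft\Windows\CurrentVersion\Run", r"\Microsoft\Windows\CurrentVersion\RunOnce")
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
# Heuristic: autostart entries that live in user-writable locations deserve a look.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)


def _decode(value):
    """Decode a .reg right-hand side: quoted strings and dword values."""
    if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
        return re.sub(r"\\(.)", r"\1", value[1:-1])  # \\ -> \ and \" -> "
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    return value  # hex:, hex(2): etc. are left undecoded


def parse_reg_export(text):
    """Parse a .reg export into {key_path: {value_name: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        if line.startswith("@="):  # default value of the key
            keys[current][""] = _decode(line[2:])
            continue
        m = _VALUE_LINE.match(line)
        if m:
            keys[current][m.group(1)] = _decode(m.group(2))
    return keys


def find_indicators(reg):
    """Return (signature, evidence) tuples using the signature names from the report."""
    findings = []
    for key, values in reg.items():
        k = key.lower()
        if k == WINLOGON_KEY.lower():
            shell = str(values.get("Shell", "explorer.exe"))
            if shell.strip().lower() != "explorer.exe":
                findings.append(("Modifies WinLogon for persistence", f"Shell={shell}"))
            userinit = str(values.get("Userinit", DEFAULT_USERINIT))
            extra = [p.strip() for p in userinit.split(",")
                     if p.strip() and p.strip().lower() != DEFAULT_USERINIT]
            if extra:
                findings.append(("Modifies WinLogon for persistence", f"Userinit={userinit}"))
        elif k.endswith(POLICIES_SYSTEM.lower()):
            if values.get("DisableRegistryTools") in (1, 2):  # 2 also blocks silent mode
                findings.append(("Disables RegEdit via registry modification", key))
            if values.get("DisableTaskMgr") == 1:
                findings.append(("Disables Task Manager via registry modification", key))
        elif k.endswith(tuple(r.lower() for r in RUN_KEYS)):
            for name, cmd in values.items():
                if isinstance(cmd, str) and USER_WRITABLE.search(cmd):
                    findings.append(("Adds Run key to start application", f"{name}={cmd}"))
    return findings


def audit_reg_export(text):
    """Convenience wrapper: parse an export and return its indicator hits."""
    return find_indicators(parse_reg_export(text))


if __name__ == "__main__":
    for sig, evidence in audit_reg_export(SAMPLE_REG):
        print(f"[{sig}] {evidence}")
```

On the constructed export this reports the modified Winlogon Shell, both policy values and the Temp-resident Run entry, and leaves the Program Files entry and the default Userinit alone. Service changes (the firewall policy and security service signatures) live under HKLM\SYSTEM\CurrentControlSet\Services and would need a baseline of the expected Start and ImagePath values to judge, which is why they are not included here.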
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 2
Registry Run Keys / Startup Folder (T1547.001): 1
Winlogon Helper DLL (T1547.004): 1
Create or Modify System Process (T1543): 2
Windows Service (T1543.003): 2