General
-
Target
6774bacc7c51f9d0867614bf71c5189c
-
Size
780KB
-
Sample
240119-m327zsdca4
-
MD5
6774bacc7c51f9d0867614bf71c5189c
-
SHA1
245dc52cabf12eba2b5eb49982389516365c7467
-
SHA256
b7da4b64f54a719af82cef6f8c277fc32b61e36595f91ddb567dcff8f5a31b55
-
SHA512
8f28d805f965900d2c4632eb835826b04432918d2fe1e788372a4460bd9e5ee8fdf59fff63a0a218a4b529426765668ca41face59a54e3f371e15998e0b5c3e6
-
SSDEEP
24576:1lsLARLnwUueHwkvLiebFiWiUE65mbNfF60d4laeoc:XQARwxeQkvLieb9iUlcE0yoc
Static task
static1
Behavioral task
behavioral1
Sample
6774bacc7c51f9d0867614bf71c5189c.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6774bacc7c51f9d0867614bf71c5189c.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
6774bacc7c51f9d0867614bf71c5189c
-
Size
780KB
-
MD5
6774bacc7c51f9d0867614bf71c5189c
-
SHA1
245dc52cabf12eba2b5eb49982389516365c7467
-
SHA256
b7da4b64f54a719af82cef6f8c277fc32b61e36595f91ddb567dcff8f5a31b55
-
SHA512
8f28d805f965900d2c4632eb835826b04432918d2fe1e788372a4460bd9e5ee8fdf59fff63a0a218a4b529426765668ca41face59a54e3f371e15998e0b5c3e6
-
SSDEEP
24576:1lsLARLnwUueHwkvLiebFiWiUE65mbNfF60d4laeoc:XQARwxeQkvLieb9iUlcE0yoc
Score10/10-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-