General
-
Target
6f3c3f6bbb459a8e36d65a7fe4a51ebf
-
Size
719KB
-
Sample
240122-kreanschf3
-
MD5
6f3c3f6bbb459a8e36d65a7fe4a51ebf
-
SHA1
731821d3b0b5edeb62602a36218604967af6fc93
-
SHA256
0bafca510e500e596b151845c382c5d651fcca07f0fcc4e607349df550d95da6
-
SHA512
723a1b74452ec62140431f8bf97b0d3e5ddcf3bf52c03046ea56b3b4375e64d07725fb1ae298b78df06e2f864a1db4d794a4bb7d2375e064becf59569cb23b84
-
SSDEEP
12288:Ymp2nLu2601AVt0P3jM8/wJLFzh5ZKQsf/A6AuTNIEQSWUWrEvWXnejiapL:Ympp01AjqjlSj5ifrPNZWRrEvWujiE
Static task
static1
Behavioral task
behavioral1
Sample
6f3c3f6bbb459a8e36d65a7fe4a51ebf.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6f3c3f6bbb459a8e36d65a7fe4a51ebf.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
6f3c3f6bbb459a8e36d65a7fe4a51ebf
-
Size
719KB
-
MD5
6f3c3f6bbb459a8e36d65a7fe4a51ebf
-
SHA1
731821d3b0b5edeb62602a36218604967af6fc93
-
SHA256
0bafca510e500e596b151845c382c5d651fcca07f0fcc4e607349df550d95da6
-
SHA512
723a1b74452ec62140431f8bf97b0d3e5ddcf3bf52c03046ea56b3b4375e64d07725fb1ae298b78df06e2f864a1db4d794a4bb7d2375e064becf59569cb23b84
-
SSDEEP
12288:Ymp2nLu2601AVt0P3jM8/wJLFzh5ZKQsf/A6AuTNIEQSWUWrEvWXnejiapL:Ympp01AjqjlSj5ifrPNZWRrEvWujiE
Score10/10-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-