General
Target: b1041d76466ba59f9c180b44594362735de4a93c3cbc72fb053fae1db1cc1410.exe
Size: 60KB
Sample: 240212-fje5sabg71
MD5: b8d234fdeaea24be7a20b19a2f8c133e
SHA1: 78c0da0d476cf855c4eeb9f08d3048f3342dc4e2
SHA256: b1041d76466ba59f9c180b44594362735de4a93c3cbc72fb053fae1db1cc1410
SHA512: f54648981fe26435c8683b09863e8cb3d30044dbc20ff8d8dddcf4cd06a43ddfd99f816ed4e06f35d9de6dcbf5575054c611acaadce32ac0752b1b689fd2732e
SSDEEP: 1536:K4dJooh0Wa0aer344Jw/ytUqVS5EkIijQ1fTNPUtU7xu:K4dzVTaer344JzthRZijQ1JPU
Behavioral task
behavioral1
Sample: b1041d76466ba59f9c180b44594362735de4a93c3cbc72fb053fae1db1cc1410.exe
Resource: win7-20231215-en
Malware Config
Targets
- UPX dump on OEP (original entry point)
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Manipulates Digital Signatures: attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops file in System32 directory
- Modifies termsrv.dll: commonly used to allow simultaneous RDP sessions.