General
-
Target
memes
-
Size
7.9MB
-
Sample
240224-xz79yada6z
-
MD5
a52e04619b3f5d740c980b005376e0b8
-
SHA1
75ab5d9deb76e15cf8208756e60ab75abd22da94
-
SHA256
712c597fb2b0f25a262dd7a87f3b68eeaae4f9f1813245795e3190d74ac4351a
-
SHA512
6e81e4c849f57656e82ea41580d61a102d20b37c23222dc4fa29d27bd161534b8bb355dfd0deb55d79a97f7547878b32fb371ded1f8d94b818252f40c3161c79
-
SSDEEP
196608:YtI8DzOmW3omKB+yKCYrp5SwOOYOZKBuBtz:YtPl+byKX1gwJEA
Static task
static1
Behavioral task
behavioral1
Sample
memes.exe
Resource
win10-20240221-en
Behavioral task
behavioral2
Sample
memes.exe
Resource
win10v2004-20240221-en
Malware Config
Targets
-
-
Target
memes
-
Score
10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-