General
-
Target
b6e95ff23f2e0793f36543b91d0d0a0a
-
Size
409KB
-
Sample
240306-jr9wxafg87
-
MD5
b6e95ff23f2e0793f36543b91d0d0a0a
-
SHA1
072c8321280f2ceded6a906724ca974875f41146
-
SHA256
b826af3338b2d2f0c6b5427ba25a47661ca142e9f331b6443255f359c44036fe
-
SHA512
4a8a8242f86aee5c2efca76298965ddfe0af48d761c6bbd9a648f78f591db72033aa804d3d066b63a99e6a3499fdd61475b09be36238f5bc993285d1e1fda4c5
-
SSDEEP
6144:0t76RZpCr6xDmBKUtCcgQm3qOjgsVP/RG4vDuK8tFAnpLL/Y6afliNiqxm:0p6o6xDuFtdwjBLG4buJgtY6iqI
Static task
static1
Behavioral task
behavioral1
Sample
b6e95ff23f2e0793f36543b91d0d0a0a.exe
Resource
win7-20240221-en
Malware Config
Extracted
arkei
185.224.139.233/MwJRWa1FHk.php
Targets
-
-
Target
b6e95ff23f2e0793f36543b91d0d0a0a
-
Turns off Windows Defender SpyNet reporting
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-