General
-
Target
4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002.exe
-
Size
5.3MB
-
Sample
240323-cn7h2seh3v
-
MD5
b59631e064541c8651576128708e50f9
-
SHA1
7aae996d4990f37a48288fa5f15a7889c3ff49b3
-
SHA256
4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002
-
SHA512
571a06f0ec88fe3697388195dd0a7f7e8d63945748855d928fb5005b51fd2c2baea1a63bd871ed0cfade5eabb879f577b7b04f9cd4d1222de52da641feee1f92
-
SSDEEP
98304:69w8PMOW9ZI6aO7sd/mzt5mAiN1vw+/YR8ov/bkMJmJZNOnTdjyip:ndIV0G/mzsN1vl/YRV4MY9OnTdjy
Static task
static1
Behavioral task
behavioral1
Sample
4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002.exe
-
Size
5.3MB
-
MD5
b59631e064541c8651576128708e50f9
-
SHA1
7aae996d4990f37a48288fa5f15a7889c3ff49b3
-
SHA256
4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002
-
SHA512
571a06f0ec88fe3697388195dd0a7f7e8d63945748855d928fb5005b51fd2c2baea1a63bd871ed0cfade5eabb879f577b7b04f9cd4d1222de52da641feee1f92
-
SSDEEP
98304:69w8PMOW9ZI6aO7sd/mzt5mAiN1vw+/YR8ov/bkMJmJZNOnTdjyip:ndIV0G/mzsN1vl/YRV4MY9OnTdjy
Score8/10-
Creates new service(s)
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-