General
Target: b59631e064541c8651576128708e50f9.bin
Size: 4.5MB
Sample: 240324-d214vsbg6z
MD5: 55d3d8af0e1cdbed5cc0d0eab615dde7
SHA1: e0bb3fa8f6d195c2095d3a8cfef2d6cc81ae42d2
SHA256: dc7024607d07710c6dbd48c06087e01db216644fef2d20aa717f61814d0ca02e
SHA512: 661bff09155a5885057a791fccb8141ee0126339e7f20524f415dae53caba88a39910cca1da1a6c621953c6bb7d8922c64e014dee9cbf96e37d5f5832191988b
SSDEEP: 98304:OnS+mOtgGa/XnOWJLt1kFWPaQAmpny4s8MboGqlDyOKq/bpyb/BbT352uiSf:+VgGamOL3k/0ylJoGa/UdThnf
Static task: static1
Behavioral task: behavioral1
  Sample: 4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002.exe
Size: 5.3MB
MD5: b59631e064541c8651576128708e50f9
SHA1: 7aae996d4990f37a48288fa5f15a7889c3ff49b3
SHA256: 4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002
SHA512: 571a06f0ec88fe3697388195dd0a7f7e8d63945748855d928fb5005b51fd2c2baea1a63bd871ed0cfade5eabb879f577b7b04f9cd4d1222de52da641feee1f92
SSDEEP: 98304:69w8PMOW9ZI6aO7sd/mzt5mAiN1vw+/YR8ov/bkMJmJZNOnTdjyip:ndIV0G/mzsN1vl/YRV4MY9OnTdjy
Score: 10/10
- Modifies security service
- Creates new service(s)
- Downloads MZ/PE file
- Drops file in Drivers directory
- Stops running service(s)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext