Extracted

• • Target

    8e5fa02aed0826d0.exe

  • Size

    1.1MB

  • MD5

    e0ca55536a3c4309d87e76a7a3a0803d

  • SHA1

    59a43e50ce59eb8676b7732a226ba99d6006dd33

  • SHA256

    1baa5064233eb6e85a66918c21004f1f17fb1821ddf4659eb859beccfc6d298a

  • SHA512

    13bce5f4dd726c064fd60989b5988ff60e28b1ab960a725daa238c0083f8c9f73bcca90a168c5fac013d00f3f3e5562971d8ddbefcf3cf359cdc1141102ae17a

  • SSDEEP

    24576:i5ZWs+OZVEWry8AFJqPuq/XdaDCIA5KwLkNVVP/VCo:6ZB1G8Yr8Xd2COwLkNDlr

  Score

  10^/10

  discoverypersistence

  • Blocklisted process makes network request

  • Sets file execution options in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Modifies file permissions

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1