General
Target: 4949351915c2627905d17fe54bb56341f0af23331257e235b79eaa876fcad8cf.unknown
Size: 177KB
Sample: 240425-t6j9xacg2x
MD5: 734c9d6b82b44237e5befe07faa4149b
SHA1: b6a244eeb8ed209f2222b112cf2925f7eac7d1db
SHA256: 4949351915c2627905d17fe54bb56341f0af23331257e235b79eaa876fcad8cf
SHA512: 2ed78410af0a2c43252946545ed5f0e5132d03335c5321b9b08a7179b28c0f07690ff5b9d3bdadd94b2c5940a668c24c5e6677893403a3f2d604b0a2ecf11ce5
SSDEEP: 3072:IRj8jqnKK8ccABOwbDS2y2zJETxUuoHh36EH/OG6C27wv3cHsqRBBto5mFSarj:4nR8ccABOwbDA2zJETxVu1tH/Ks0jBBn
Static task: static1
Behavioral task: behavioral1
  Sample: 4949351915c2627905d17fe54bb56341f0af23331257e235b79eaa876fcad8cf.wsf
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 4949351915c2627905d17fe54bb56341f0af23331257e235b79eaa876fcad8cf.wsf
  Resource: win10v2004-20240412-en
Malware Config
Targets
Target: 4949351915c2627905d17fe54bb56341f0af23331257e235b79eaa876fcad8cf.unknown
Size: 177KB
Score: 10/10
- Adds policy Run key to start application
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext