General
-
Target
Yonder_Spoofer.exe
-
Size
6.4MB
-
Sample
240425-vlw9each97
-
MD5
8f6176cf818be24d9a9a02c96d779ff7
-
SHA1
b2f4fb1975ea1518d17e2489b005a003a3e876e3
-
SHA256
a50313148c4f3c575c7564c4e5bc14f92aec9b5326c1ee4e291c1f576b0df7df
-
SHA512
afef7c86923e5a2dacadc1140abe092b240a454df74846baaea3b256863eaa5eb1646cef97f0fe2d2cc73f8d3985a1cf975c9cd3c8bae82b5ec5b0ccce0c0c32
-
SSDEEP
98304:73O0NlpvbBHyA9N046e/sC902M6CMbJjN5z7YREOgRmJrjDLB3V7mNNi0rjbpA/7:DO0NPbBHyA9OA/ssB9HRm5LBINNi0Cd
Behavioral task
behavioral1
Sample
Yonder_Spoofer.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral2
Sample
Yonder_Spoofer.exe
Resource
win11-20240412-en
Malware Config
Targets
-
Target
Yonder_Spoofer.exe
-
Score
9/10
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-