General
-
Target
23909b22079b8d7a53e9a3e7940cbc4626ba74f19382973e1b3dafbade7243ea.zip
-
Size
209KB
-
Sample
240516-bh5ltsdd2x
-
MD5
4a797e6558479267a68168a84353471d
-
SHA1
17ec991d7f0bcecf0005f8c4049617a7b72b469b
-
SHA256
23909b22079b8d7a53e9a3e7940cbc4626ba74f19382973e1b3dafbade7243ea
-
SHA512
fa3864fc78e8b63f85fe415dc2c33748486df34c31a94a7d31063bc9839ee9608f593302b3dc0030ab1ba97c51830fb7f74c281af310330f2e10ccd6f9fd29ee
-
SSDEEP
3072:FLY3zta+9GTSkEHV3EdRvHm4jIOLLSByuqaxFZjR55aYSvYPd9O50TXqGIy/kgfu:RszVkEHVMRfmNOSdqaVv5nd9OEIyMUu
Static task
static1
Behavioral task
behavioral1
Sample
Dekont-Mayis.exe
Resource
win7-20240508-en
Malware Config
Extracted
xenorat
dns.dobiamfollollc.online
Solid_rat_nd8889g
-
delay
61000
-
install_path
appdata
-
port
1283
-
startup_name
bns
Targets
-
-
Target
Dekont-Mayis.exe
-
Size
242KB
-
MD5
f36fa3a72893c4151b136426119ad589
-
SHA1
2f83d91056d831a40182c743c36fab2622be8906
-
SHA256
3f2490dd9d05980a4b02f6b5e6e9c18f349cc4192a4733374318c20bc7f0a885
-
SHA512
fa51532d7257fb7e71a2f5f9091350086c1772dc5458b572674071c25288b80b205bf17db271e58e11e45d930f4c1745938e45068125bf92b29fd8ca3e6859ff
-
SSDEEP
6144:hcBzA6kEHVMRfmlOSdqadv5fdvW5S7w1ofkPAyDEqClNdzI:SBTkEHS8dqidvL7/cPAyDEqClN6
-
Detects executables packed with ConfuserEx Mod
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-