General
-
Target
6f431d950d084dfdc3b1029e50ede4866a755556d1a4ed641f6d968057a7ae7c
-
Size
17KB
-
Sample
240520-kxm5rsdb5v
-
MD5
93af4525d3371d64a36295af717e97e1
-
SHA1
d99e799e0564aa02822d42815627e5dd06a144cf
-
SHA256
6f431d950d084dfdc3b1029e50ede4866a755556d1a4ed641f6d968057a7ae7c
-
SHA512
8c3cf67692b04e0897b2e6abd3f1356631218c4b2ed1ee94ba16c1e3efb30c2706afc36940424dcc7020462f32d354d3bf719ceaa789517d5da81d149f52fe67
-
SSDEEP
192:lwxHanX9+BAlqWmhTEHo6FXmDYZhkKy1/IZ8Bl0r9e1Q1mf0SxQYyJd1nQIo9dyP:ixHaXXl7HJFXkAyCm0oymnqYuQF9sP
Static task
static1
Behavioral task
behavioral1
Sample
6f431d950d084dfdc3b1029e50ede4866a755556d1a4ed641f6d968057a7ae7c.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6f431d950d084dfdc3b1029e50ede4866a755556d1a4ed641f6d968057a7ae7c.vbs
Resource
win10v2004-20240426-en
Malware Config
Targets
Target
6f431d950d084dfdc3b1029e50ede4866a755556d1a4ed641f6d968057a7ae7c
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-