General
-
Target
383330b97552deb4caffb7942a8abef0N.exe
-
Size
88KB
-
Sample
240814-q5v38szgpp
-
MD5
383330b97552deb4caffb7942a8abef0
-
SHA1
1a89c4a48629cb39b66f10544b07a0f0979d7145
-
SHA256
366affd55e02d463fa66cef9c955249428f290e6a691a57e31ff107707fec5b5
-
SHA512
91999145cf99c4bac585c96b035dbe741b2bf07110802d19405092eecdf450fa53a1b20aa7400e2a5369333cb62ff8f71215f19c1ab40733608ab5b6cc1a36dd
-
SSDEEP
1536:t5piVnDXkTbhCtaB6GVA/bVQPxfgiqfoOonoKg+yOH5y/yET:6D0ctAVA/bmxIMnoKjyR/NT
Static task
static1
Behavioral task
behavioral1
Sample
383330b97552deb4caffb7942a8abef0N.exe
Resource
win7-20240704-en
Malware Config
Targets
-
-
Target
383330b97552deb4caffb7942a8abef0N.exe
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-