General
-
Target
da42bfefbb746470a72686594134c4f0N.exe
-
Size
88KB
-
Sample
240825-fpclvaxenr
-
MD5
da42bfefbb746470a72686594134c4f0
-
SHA1
81689318e37af3689a48395312519103c3a5b297
-
SHA256
284251db61d9c4dc8a190b0b446daafcfbc727fc917308b4d6d49d398adebf4a
-
SHA512
521c850a64cd7e9d18650419f22301f61fd7ca2e1b54b1e4553b54deb10951ee45313af688612edcefb17ee21cfb434aa034b2821313f7664b0d363046d50f25
-
SSDEEP
1536:t5piVnDXkTbhCtaB6GVA/bVQPxfgiqfoOonoKg+yOH5y/yEY:6D0ctAVA/bmxIMnoKjyR/NY
Static task
static1
Behavioral task
behavioral1
Sample
da42bfefbb746470a72686594134c4f0N.exe
Resource
win7-20240704-en
Malware Config
Targets
-
-
Target
da42bfefbb746470a72686594134c4f0N.exe
-
Size
88KB
-
MD5
da42bfefbb746470a72686594134c4f0
-
SHA1
81689318e37af3689a48395312519103c3a5b297
-
SHA256
284251db61d9c4dc8a190b0b446daafcfbc727fc917308b4d6d49d398adebf4a
-
SHA512
521c850a64cd7e9d18650419f22301f61fd7ca2e1b54b1e4553b54deb10951ee45313af688612edcefb17ee21cfb434aa034b2821313f7664b0d363046d50f25
-
SSDEEP
1536:t5piVnDXkTbhCtaB6GVA/bVQPxfgiqfoOonoKg+yOH5y/yEY:6D0ctAVA/bmxIMnoKjyR/NY
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-