General
  Target:  fbbdb02b5d2763274feddde6ae15b400N
  Size:    88KB
  Sample:  240826-bvaxzsyfjp
  MD5:     fbbdb02b5d2763274feddde6ae15b400
  SHA1:    f49d5b97e1baa9fdaf1001648dd4b1eb2ca567f5
  SHA256:  ad03a7b398a1f131dc9e28acdf6513be02dabb2f191647fc0e41aa58dd18937e
  SHA512:  f552a8258f1a50c9c1fa97609a155401580d2d7f58810e758f40f953b4886bff22394a14d4d61eace301783c8aaa5c33c113bb7d0806317944b7cdf2d94a6984
  SSDEEP:  1536:t5piVnDXkTbhCtaB6GVA/bVQPxfgiqfoOonoKg+yOH5y/yER:6D0ctAVA/bmxIMnoKjyR/NR
Static task:     static1
Behavioral task: behavioral1
  Sample:   fbbdb02b5d2763274feddde6ae15b400N.exe
  Resource: win7-20240708-en
Malware Config
Targets
  Target: fbbdb02b5d2763274feddde6ae15b400N
  Size:   88KB
- Detects Andromeda payload.
- Adds policy Run key to start application
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext