General
- Target: bbdf3e2b36371cefd0f69912f09f8ee0N.exe
- Size: 284KB
- Sample: 240827-pajlaazcqc
- MD5: bbdf3e2b36371cefd0f69912f09f8ee0
- SHA1: 10e6a8fbb236e3713ec00f047160e91d0911edca
- SHA256: 8ac34b41109839d7df80a6dd020fe4f61284344f279b476ef5157a7c731049e5
- SHA512: fa4b0fedf856cf7179d803a04e6ee1b274ec8d641d7bc3883c36112b96981f0661c33d7e7b28d89acbaa0e7cec82916aaf2f79e7883cdc83aa51e8b73d43a326
- SSDEEP: 3072:mSQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lC:mPA6wxmuJspr2l
Static task: static1
Behavioral task: behavioral1
- Sample: bbdf3e2b36371cefd0f69912f09f8ee0N.exe
- Resource: win7-20240705-en
Malware Config

Targets
- Target: bbdf3e2b36371cefd0f69912f09f8ee0N.exe
- Size: 284KB
- MD5: bbdf3e2b36371cefd0f69912f09f8ee0
- SHA1: 10e6a8fbb236e3713ec00f047160e91d0911edca
- SHA256: 8ac34b41109839d7df80a6dd020fe4f61284344f279b476ef5157a7c731049e5
- SHA512: fa4b0fedf856cf7179d803a04e6ee1b274ec8d641d7bc3883c36112b96981f0661c33d7e7b28d89acbaa0e7cec82916aaf2f79e7883cdc83aa51e8b73d43a326
- SSDEEP: 3072:mSQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lC:mPA6wxmuJspr2l

- Detects Andromeda payload.
- Adds policy Run key to start application
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext