General
-
Target
ConsiderableWinners.exe
-
Size
1.1MB
-
Sample
240829-rrsxdswerg
-
MD5
a23837debdc8f0e9fce308bff036f18f
-
SHA1
cf4df97e65bc8a17eefca9d384f55f19fb50602f
-
SHA256
848260ba966228c4db251cfbcc0e02d6ca70523a86b56e5c21f55098cec92479
-
SHA512
986e7354d758523ae4f4c2f38e4b8f629dbeeaba4b60bfd919d85139e8d8c29c0489989deab6e33022d6a744bdd93ce7c8e687036c5c4af63cce6e6f6e8bd0ad
-
SSDEEP
24576:F5OnmONUzLJq/wjcOVe+/O6B9ZdIadBjfZF/KIu4LtaXLKBTfME0gG3vdSCUxXT:CnmONUzL0/wjtVe+19Zrn/kw9T0uG3vq
Malware Config
Targets
-
-
Target
ConsiderableWinners.exe
-
Size
1.1MB
-
MD5
a23837debdc8f0e9fce308bff036f18f
-
SHA1
cf4df97e65bc8a17eefca9d384f55f19fb50602f
-
SHA256
848260ba966228c4db251cfbcc0e02d6ca70523a86b56e5c21f55098cec92479
-
SHA512
986e7354d758523ae4f4c2f38e4b8f629dbeeaba4b60bfd919d85139e8d8c29c0489989deab6e33022d6a744bdd93ce7c8e687036c5c4af63cce6e6f6e8bd0ad
-
SSDEEP
24576:F5OnmONUzLJq/wjcOVe+/O6B9ZdIadBjfZF/KIu4LtaXLKBTfME0gG3vdSCUxXT:CnmONUzL0/wjtVe+19Zrn/kw9T0uG3vq
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates processes with tasklist
-
Suspicious use of SetThreadContext
-