General
- Target: fc00b22cba73518d8307e0302ba9f360N.exe
- Size: 284KB
- Sample: 240905-t9sqfsvenj
- MD5: fc00b22cba73518d8307e0302ba9f360
- SHA1: 03ddc26ecf6daf22073e723784e6d71e144daa55
- SHA256: 596f30efc4fd623a922f465c932895b9cd50b882e4319f056cccdc9975bfc1e0
- SHA512: 96238759fd7fcda1c3d91d49a819102acd88b935c9de9c352db99b2f9da29c315af979dc57e6840f66f534f6c1a1ebbcb71bfad150de0f687da0a417a9b8be2f
- SSDEEP: 3072:mSQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lC:mPA6wxmuJspr2l

Static task: static1
Behavioral task: behavioral1
- Sample: fc00b22cba73518d8307e0302ba9f360N.exe
- Resource: win7-20240903-en
Malware Config

Targets
- Target: fc00b22cba73518d8307e0302ba9f360N.exe (284KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- Detects Andromeda payload.
- Adds policy Run key to start application
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext