General
Target: BDCAMSETUP_ENG_4_1_2_1385.EXE
Size: 17.1MB
Sample: 241013-n15qrsvdrc
MD5: f16613c3a3b77319538c9d5aaa2901b8
SHA1: 64c2e645d00f5cabee070dec31527e021ba2edc3
SHA256: b7a72c3f23c3e265caa74c60acbef350b268745c1e451a27e915011c720155f8
SHA512: 34593fcb6738acbd3fb455c03a018648d2650c7c589de000d3fdfa6bc4b29364eeffd962f106870e5868af8dd941a858ee6b8e27d9759e79bccaa222a1fffaa1
SSDEEP: 393216:xHtmmkxvpntFfcAeBhgUDnuUS+qjkS5LsTQAqy0hPusNfznm4h4:jmmkxx0D7uU+hAqy0jNr/h4
Static task: static1

Behavioral tasks (every task ran on resource win10v2004-20241007-en):
- behavioral1: BDCAMSETUP_ENG_4_1_2_1385.exe
- behavioral2: $PLUGINSDIR/InstallOptions.dll
- behavioral3: $PLUGINSDIR/System.dll
- behavioral4: $SYSDIR/D3DCompiler_47.dll
- behavioral5: $SYSDIR/vcomp140.dll
- behavioral6: $TEMP/BDMPEG1SETUP.exe
- behavioral7: $PLUGINSDIR/InstallOptions.dll
- behavioral8: $PLUGINSDIR/System.dll
- behavioral9: $PLUGINSDIR/UserInfo.dll
- behavioral10: $SYSDIR/bdmjpeg.dll
- behavioral11: $SYSDIR/bdmjpeg64.dll
- behavioral12: $SYSDIR/bdmpega.dll
- behavioral13: $SYSDIR/bdmpega64.dll
- behavioral14: $SYSDIR/bdmpegv.dll
- behavioral15: RegVulkanLayer.bat
- behavioral16: UnregVulkanLayer.bat
- behavioral17: amf-component-vce-windesktop32.dll
- behavioral18: amf-component-vce-windesktop64.dll
- behavioral19: amf-core-windesktop32.dll
- behavioral20: amf-core-windesktop64.dll
- behavioral21: bdcam.dll
- behavioral22: bdcam.exe
- behavioral23: bdcam64.exe
- behavioral24: bdcam64.dll
- behavioral25: bdcam_nonadmin.exe
- behavioral26: bdcamih.dll
- behavioral27: bdcamvk32.dll
- behavioral28: bdcamvk64.dll
- behavioral29: bdcap32.dll
- behavioral30: bdcap64.dll
- behavioral31: bdfix.exe
- behavioral32: lang/Japanese.ps1
Malware Config
Targets

Target: BDCAMSETUP_ENG_4_1_2_1385.EXE
Size: 17.1MB
MD5: f16613c3a3b77319538c9d5aaa2901b8
SHA1: 64c2e645d00f5cabee070dec31527e021ba2edc3
SHA256: b7a72c3f23c3e265caa74c60acbef350b268745c1e451a27e915011c720155f8
SHA512: 34593fcb6738acbd3fb455c03a018648d2650c7c589de000d3fdfa6bc4b29364eeffd962f106870e5868af8dd941a858ee6b8e27d9759e79bccaa222a1fffaa1
SSDEEP: 393216:xHtmmkxvpntFfcAeBhgUDnuUS+qjkS5LsTQAqy0hPusNfznm4h4:jmmkxx0D7uU+hAqy0jNr/h4
Score: 5/10
Signatures:
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: $PLUGINSDIR/InstallOptions.dll
Size: 15KB
MD5: 720304c57dcfa17751ed455b3bb9c10a
SHA1: 59a1c3a746de10b8875229ff29006f1fd36b1e41
SHA256: 6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9
SHA512: c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04
SSDEEP: 384:E1C43tPegZ3eBaRwCPOYY7nNYXC0A/Yosa:E8TgZ3eBTCmrnNAf
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 17ed1c86bd67e78ade4712be48a7d2bd
SHA1: 1cc9fe86d6d6030b4dae45ecddce5907991c01a0
SHA256: bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
SHA512: 0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5
SSDEEP: 192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+
Score: 3/10

Target: $SYSDIR/D3DCompiler_47.dll
Size: 3.5MB
MD5: 7375633014ca3bcabf6d337abe399afc
SHA1: bbaf4aa50ffc0d2bd363d5debe56d41121a1fec2
SHA256: 80b8f0435b379b18bbfd91f9e62e3797b3e9bf07d77bb8e5201a74f590cba37a
SHA512: d81bfffb7b031f48e08ddf9d3f4862851ed87ce50d149c63eb74fa68d92e336c1da66a5bcceb55f22211c877441570111439d7383597ad6a2cecdbd5b7502990
SSDEEP: 49152:VtdNhilBx6wvXmPwJTtLgvUACN5m5fsRu9qLHyPQiC7:VTNUlBUwv5hdAGQfsRu2uk
Score: 3/10

Target: $SYSDIR/vcomp140.dll
Size: 178KB
MD5: 1cd23a0f3daf4210f86ba8eb60b2612b
SHA1: 979ab8d98d27fc0c8810822d80a4f1361657f21d
SHA256: dbc67dd65ef7d68bde9147c6244e7aaa8cb275ed6d0ef60301c7e4fbb95a5a42
SHA512: 90941648d2cebf4bcd65e54c503a2ced7362fe2b5afa6772b0ecc8ca945d2e43ea14e90a17e64f3eab8ef76ecbb0ea3cc801dbcfeaa8a90ab8b1fe2e081c17c6
SSDEEP: 3072:KDGRbh7RozAcuolrdTl2E72uRcQnFCt+DVFf/w62dQ:HoTuIT73CG/SQ
Score: 3/10

Target: $TEMP/BDMPEG1SETUP.EXE
Size: 1.4MB
MD5: 461d135a4fccd51bbae38f742e123fd3
SHA1: c12a442fbcd4a9c44102f0a560ba03d59bc501ed
SHA256: 4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079
SHA512: 41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee
SSDEEP: 24576:KmJpkgDvk80bh06JsAD8JLPHXcovQjy1jR8Qlq7m5xHlwP4mWunSCiwpFHNi:KUM80bO6JsA+jnb9iZK5plDjCTpFU
Score: 5/10
Signatures:
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Target: $PLUGINSDIR/InstallOptions.dll
Size: 15KB
MD5: 67d8f4d5acdb722e9cb7a99570b3ded1
SHA1: f4a729ba77332325ea4dbdeea98b579f501fd26f
SHA256: fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7
SHA512: 03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f
SSDEEP: 192:CsIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5m78ozxGUWumle:CsUHd9GN2d2iwl0impATIPdA78Ov6
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 959ea64598b9a3e494c00e8fa793be7e
SHA1: 40f284a3b92c2f04b1038def79579d4b3d066ee0
SHA256: 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
SHA512: 5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
SSDEEP: 192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score: 3/10

Target: $PLUGINSDIR/UserInfo.dll
Size: 4KB
MD5: d16e06c5de8fb8213a0464568ed9852f
SHA1: d063690dc0d2c824f714acb5c4bcede3aa193f03
SHA256: 728472ba312ae8af7f30d758ab473e0772477a68fcd1d2d547dafe6d8800d531
SHA512: 60502bb65d91a1a895f38bd0f070738152af58ffa4ac80bac3954aa8aad9fda9666e773988cbd00ce4741d2454bf5f2e0474ce8ea18cfe863ec4c36d09d1e27a
Score: 3/10

Target: $SYSDIR/bdmjpeg.dll
Size: 69KB
MD5: 69bc2386dfa5e79bcdd1079b59cca1c4
SHA1: 9a3c030025538ebb1e41c110eb1aea60d888351c
SHA256: 5e81801c3fe84b58dea91c664d4036922c50378207d4ab2853ed59309c03b6f6
SHA512: f4bf717ef00f6a14b6560aeb8b1efc1e1455eeebf20c2d7745520c5993659793cf09d3d4357388783adf643676fdfe6066c593f62705a9066541d203b6a68a52
SSDEEP: 1536:0pt++CjgDoSOGL7Yx9FiPmeRmpOV+yV+x2W:0f2UDodEPmeRmpOV+yV+x2W
Score: 3/10

Target: $SYSDIR/bdmjpeg64.dll
Size: 73KB
MD5: 531f17189c60ed61bde4dcc82cc66b59
SHA1: 77cf2141da3a67f51a8a02376ca9d4481f3e4614
SHA256: 4d4551ae19a5aa41fd235a73a9a3bbdda68560968c33f14549fe1ad49de1ded0
SHA512: b552e8b6e84cf8df6f01b3aba48794fa30fd239cf6f43c658319f38c8a19de555f1204ef1041e57c8ca8318d2ea7c627b3f0ff384fe5768ed4e2212099b22cf1
SSDEEP: 1536:wJQoyIo3+9mAORBlOQZXAkMLakTwritg/49V+DV+62t:FoyI4om/R/CkwakMritg/wV+DV+62t
Score: 1/10

Target: $SYSDIR/bdmpega.acm
Size: 69KB
MD5: 9b3c54a9c49ca00f5a9da7c7f84a57f9
SHA1: 3fb1409da3e1f87eb4fd35cbd92549f3962f5304
SHA256: 940cfe50336b7865787ee94a7292aa9e38f4ec8714ae06e2969b76b473834cc2
SHA512: 48c7a129ae02a4ea4f2ebb4b8e28b8eaccfcfb37a5fd9b51aec868b45d630e585bd73018225dbbdb1a6fa66382db0420f8f9f8e88efa5149b20f2c5ae1407552
SSDEEP: 1536:WSnI0PYUuguZ707dBDUtatRc3AV+jV+m2P:WkI6h7BDUtatRcQV+jV+m2P
Score: 3/10

Target: $SYSDIR/bdmpega64.acm
Size: 74KB
MD5: 2f42956d6772a840d47c92c48004c946
SHA1: a51670ba15ddb1f53bb2c0ad4364a330287c627b
SHA256: 6b3a8585421d68d70f935bc5a656bf5edc6117ebb95f98ef710a4adff5281d1d
SHA512: 4198a8b942fe561d64f7358d26ec67319c8137ba78609066a094ac63f6da56e2bbee38c8dab04757a8a0a956615dfda0d259763a9e2288351a0c39eef28eb93a
SSDEEP: 1536:C2WopVs/uBbcwOTlZTd7wOtO7FxrjaAvvE6V+AaV+0q28:5WopC+bly7fO7FxrjaAvnV+tV+Z28
Score: 1/10

Target: $SYSDIR/bdmpegv.dll
Size: 69KB
MD5: 90476773f98f4ae0a3cb013f4d21650b
SHA1: 1fad203382e8479be70da44f1ff16b50d12f9e69
SHA256: ecc73f635ef7f9c165d693acee9250f763caa7e7b6b7795c32823f2e9fd739d9
SHA512: efeb534a53beea8d7930f230095c57cc4d2a3a501ad356c87c5015d175861dec7fff9584741eb77c70c4ced739754c6097e3f499f061bb13382a9ffc2d6d4e12
SSDEEP: 1536:zQmp+kyjgKeemXkIh9FixwKaRokOV+AwV+D2xn:E0EUulxwKaRokOV+5V+D2xn
Score: 3/10

Target: RegVulkanLayer.bat
Size: 118B
MD5: b35e7d846a436bf1bc48b53125176f0b
SHA1: 6e859c9374441da33fb404bff2041bbb6b068f23
SHA256: 8198189537e866909dbeb383bb3ce43fec3351fe85ca8ddc8e9955193054f808
SHA512: 00644acf7e72887e4dcc3e29a83362f17fd3f5338d640b0f85407f8ed173f4f3763e2a6e85dca3fdbad2495b90c3aa1761859bdfe539231b250e93ba504a56e2
Score: 3/10

Target: UnregVulkanLayer.bat
Size: 122B
MD5: 13e241026906e9c49e8dcc436313dc55
SHA1: 3d2c1fdb2e0166f915796569c6e4c04167aba9d3
SHA256: ec319ae952e4ffac8ff5edede7029050d53452a4df9bc026de3375ecfa983a44
SHA512: 338fd96cad17b7f73328b9361a9a23da5c184c39a0fb185d772719daa2eb7abc268834fcba5cc2f0d6e6adf1b6364d3f7e59f9b330dba1ce769674cad295b0c7
Score: 3/10

Target: amf-component-vce-windesktop32.dll
Size: 198KB
MD5: 6ef74574e1b3b95d4a76a7496531180b
SHA1: 00bbdf84eef8e5c3763801cba3bc9e75677ed2b5
SHA256: ca1e172624ac5ec0255c98acbe10d3b046c55d34df1f346189ada3701f32cb28
SHA512: d2feae0282480e7dcd016009171c5ff0feef61302be32f04fe0a12b8cae242f4cbf7893f8942ccf82d5767c21ce0a1185b89ff341ca2d833cb12d4902957fe83
SSDEEP: 3072:dF3iiufuPikCgSwMnoEZ5UnYnOC8YhtsZKakU7n8TL57yGMwOBueNhGre:nSluPikCgStossZKakU781yG3OBueS
Score: 3/10

Target: amf-component-vce-windesktop64.dll
Size: 233KB
MD5: e710a971e1d1bd5d648ffa25756b0055
SHA1: 5f460e1d3b953d9afa4e0a38ddfba60a111f727a
SHA256: 321dd30d93a9462d080b8ea73377633dd735ca6fd64083b01b997243d8a44aaf
SHA512: 0f11cb939f474403bbad8d78884c431d51847b6617f8dc4fa6814d518824b36a8536e453e7d68dffcacd45806979ffe4323688ae63acbb876f591592f7b6fe08
SSDEEP: 3072:zqM/y+L4mqajQYmjxhiAZipPh54OAyjfNtTRdwDEEhuyGBQOXO/hZHU:zfhbhee54OAyTrbwDnziO/hZ0
Score: 1/10

Target: amf-core-windesktop32.dll
Size: 610KB
MD5: 3042c4a93c54c99e77278dcd73a10814
SHA1: ebea3f630a2ff94699a6c6ac420f7076519a9a18
SHA256: 72da60e16b8530cebe0db160409ccecfc0adbc8778ffa13e08ec48eb028c457a
SHA512: 6f8accf66ccf56c396ef4028bdde10ca7c2a2bc0a3e77250c22a06f27aecaaef23238c3ffcaa212b99d05b5da10b2ed6fdaa97d81b756121e0836c49812ec18e
SSDEEP: 12288:GDI0ACAhE4X7BeiOlWC2UuxE34kC4Y6SBN79Kfn6W9B/Hn1Z3+xKGIek3:eI1CAhvl4uG5SWfHn1Zux3Iek3
Score: 3/10

Target: amf-core-windesktop64.dll
Size: 772KB
MD5: 063c0a223054dba14b375ee49dc09d11
SHA1: 35db20df7167ab510c10bffe0867e8c76fc237ac
SHA256: 146d0e385f2f3b93d4d8efe438b07964025cc052e237ea80a7a9c8fbe40fe3d7
SHA512: 7991c6ac72c7b700394462f96c83e72668ef9bf0070416e506a563a1df44861fc011315f88a85077cb16521227e94979d5423c39386d5bcb70b84ffd00ed2ccd
SSDEEP: 24576:XbN3MbdEcHyWJ9Wi/VJXRW76A0tWmX5Rv9:XKHyeWi/VJhW+n95
Score: 1/10

Target: bdcam.dll
Size: 865KB
MD5: 82fdf4dc9379cd57397d219db198e452
SHA1: ad97eb3b40d79f896a9a5938123dac5caa810d91
SHA256: c2e252da1d1bec27259d40cf7f4feff04e9c9646208f2255fd00a9f434c3c089
SHA512: 977803334bbc9a1e9ea96a44cc804a8af0dfb70c86716a7288c833a2e615ae640d18a8005b0c6563a99cfaee7ff3af9cdcd41a4f4098174cd54b0a55df1e7688
SSDEEP: 12288:yDKj0ofYZCqSYCbYqhDW7uT/A8aORDzL7XtPkslimsmfSTr7QCmZ/gkSweCuKr7g:lj0ofYZCeummr7XMTr7QCmRgkSQP
Score: 3/10

Target: bdcam.exe
Size: 3.3MB
MD5: ea4dc53939edb03e0e0178fa01312dc7
SHA1: eaa6dd933ebd48254aaa16087b88191b8bcb2319
SHA256: ef13c9316861cb8f03ce4b3c65a22eb97128a2da42400f86ade6dc90ef36de3a
SHA512: 8ebfc2f23d96336756c89fcc612c223e35a534fdf362a932ef1c08816d5668932137c15fddee4961c73c7895beeafe682aafa95466574e6a14632dd8b2a58987
SSDEEP: 98304:ey5XujLUVwxj9QIFns+GV1/BQozrLj37y/tY1:eyOUYj9QI8Vx6Cz37Ute
Score: 5/10
Signatures:
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: bdcam64.bin
Size: 2.9MB
MD5: 59ce17c72b23238b6c7a8bdc93dc3fce
SHA1: 54fb55b07f2fb1b1acae2befcac2c8d8b17e73ad
SHA256: a213faac438ddbf330c3f81d6fb7ad5af81578011045fb60b7f66773f51092fb
SHA512: 9ec761ecf2617483bf258c47dca046ca2a1cbb1e92f1ac11038136fea1dcb77bc93b68a82b2a5957e97ab8a979e95dfd3483f3c246ba517016605f6daaf48cd9
SSDEEP: 49152:MXSTAAeZLXoVh8zWenEIkecOHl/ZKV9kD5YT+xfQ/hNlaziwOwh8C0NpNJDD:0STe0QWmXqVvhTc8C0Nl
Score: 1/10

Target: bdcam64.dll
Size: 1.0MB
MD5: 99b6a1cc8d325a60c545e59c8bdee580
SHA1: e1587949ab54573ff1edfe7ff56b4f3237f55bed
SHA256: 88b087f69c972ea7e64f8dd406852aa4b8f7badf09c3f5c55988e7f62cc5020a
SHA512: 751eb9bc936b34f3c5e918d98c01b34830fbec1f7f5c702d5ca2c38d4de0f49ce90486512d2b600b932af0086700460426610f1641cabfaa0c904757b726849d
SSDEEP: 12288:ix5wBINg1Jncb+whclJJkweBKSwFT9rCpygbEcFPVBb7nVfD9S2g/9:xONgncbYO3B6FJuMxcF7ZZg
Score: 1/10

Target: bdcam_nonadmin.exe
Size: 150KB
MD5: cfd060be6ccb4859edf73a91db415cf3
SHA1: 70049f6e03e16d394a0d5325e2ec5816ab5713b9
SHA256: 262825b33825dc29076036e9111eabcaa5a981bfae4be0c0ad9f6760101f1a3a
SHA512: 23e227137781c220d60d4bc595e25d6df7c7c325a896d3ef0eaffdc96549726dbacba345588de1f4230e98ece4377439a56b7e2f5a8c59a3399c284b48aa2d62
SSDEEP: 3072:czbsh7wXQA35X2PXiV5rpezDw2VBKJ4KrUX3kb1hVeVh0:czb26QoXMraUn4R
Score: 5/10
Signatures:
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: bdcamih.dll
Size: 86KB
MD5: d8b6c18c4c7aa77ba45f5702acae825b
SHA1: 8a7927aeaf4197c75daf715342a0f1f1598bd3bb
SHA256: ad02eec0c2ca20d033114ad2ec1effc88854c47d60bb2f91fcf10b8e03767cc1
SHA512: a4c4fda810f25b4bec5aadce016a382e724e111991c256a0a53e4da67f969285360b5f5a985b3d4d0d7dbb7799179d1ee53452dbfbac8505157ed258c1ad4969
SSDEEP: 1536:eY0kroumL/G5Peppbz6B/nbEQPd4/6+sWeLcdrE4wLPVQV+0:w65G7b21Iio+arE4OPVQV+0
Score: 3/10

Target: bdcamvk32.dll
Size: 123KB
MD5: 68f13d7e357a25bc18843a950bb8fb0b
SHA1: 405910b130871ad2fecf35bf0afa6c9f43db84b9
SHA256: 4111741fea81ed8b1ec29187a4e04afa0e5f19db438d1b67e360a074facbee8d
SHA512: da8f8f861e8c0f91048922e274dc6f7d1425ee3fa850b380360c8e67ce58fabc7145ea3620765051888491f07c44b63180ecdc6cfbc607bd68fba0ebd0d8ca39
SSDEEP: 3072:Q1ybyEj7+VIRSVcb2tA2fiDQx34LJV0bPV60:lUIRhefis14LYbJ
Score: 3/10

Target: bdcamvk64.dll
Size: 147KB
MD5: 38888a6fad9af55a90ebed93644ae843
SHA1: a0bb3971afbab9382df7eb98fcf3904333952e5f
SHA256: 98e355aa821547d1d690031aa4b839c16cc8ad02a9a855a92ee3e5a628a5d56f
SHA512: d522e3059dcd460e2dfa80f06a947f140b8bcec43014e12f48cc79f8cb9689e3918752182b18a6edfeef65c9f7b353ef1f157a0f81d593c24706d78d4d6b3540
SSDEEP: 3072:5qwASkia9SpzG9Zj6V0ktFtGY9kGL/KDUkvGgFKS/4sO3MKAFVmVw0:5qwA9MRGTrKwY9svFArZ9N
Score: 1/10

Target: bdcap32.dll
Size: 11.7MB
MD5: 96c68a89a3141293884294d2a8940231
SHA1: 3b40d1ae530659dcf211cef5b7e5c7078d5630e2
SHA256: 58db20c5c6b81b55bdea5fa9761b16007ace964b69fe26e69dbbbbfc88989fd7
SHA512: 1de178b9a27affb73c8483cab5bc7ab05a94f09b811722d9d62479f938a0c2704584a3df7e71fca510a172c10ce52bd049585da394d241e57ac0da961bbbd9a8
SSDEEP: 196608:Y0H0+yqpXtuzEtovLjl5sOwk1sRRO7evVyUkQrOvvvv:Y0HptuzEtsLjl5sOwk1sReUkQ
Score: 3/10

Target: bdcap64.dll
Size: 14.0MB
MD5: 5776d02703df7878442b12d08af01a87
SHA1: 40ad6ce94f05193e70f5189640e7816a7e65f6db
SHA256: 4e4929e1f5399594654e407091b14f94faeb9d446c75df4890b4f2ef7a86f6a3
SHA512: 6cd21cacaf9735cfe6efc22f8666aa978b3e367b2eee7b1da8f894d0f32679cba85ad6acb1619b9284b05b6edf741178b99a5e82dacaf7966ac5be47a0a37f2e
SSDEEP: 98304:K6wpbTYh39HxvWdY/RoeIJ13ZRBQ2H82W8nUtxwz+U4Q8jYJkDCK2C6SqKvvvvvd:FIdYwJ13ZR62vICm/vvvvv
Score: 1/10

Target: bdfix.exe
Size: 2.2MB
MD5: 8004f292c1c1e2f0cdf59c9e28f99d27
SHA1: de954f78e571be589d07e57e87706f668265c53a
SHA256: 512d11aa774cca841d916173bf0331035edf8ecad20f00a37c0f6553f381323b
SHA512: 9a9c1ab6dfc0a8eff21551821a4f4c8ce7af2049c50cb915188b784bceba97c7a20ce7a06f1d737b5594f56451ee3a9525e908a9e1a66ab22bb5970600c88ecc
SSDEEP: 49152:5KHVTUrByFSR3F2UciEhIfvksbE7VoirmHN5Yv:5HrBgSRAU/EhIfvchoirmHA
Score: 5/10
Signatures:
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.

Target: lang/Japanese.ini
Size: 75KB
MD5: 481092de0608abad2a1748104e0220c5
SHA1: fb3b790932ab4605aaed3d949b6965227776603d
SHA256: 26c0960921049e4ecc6fbf4a8a77af4180bea0f087bd9f338beae56128085e2e
SHA512: 9d6494ffbf970db3dd029cd04e4069cf463f3561d13efa89f135de4015419f2ae69380ecf6001967c644286f13d4774065fa300ce1995052baf9d4050428a497
SSDEEP: 1536:f8Io6XQWyWDomSC5fwOQ/r+ssD+MnAo8XXx3I:WTC5f/Q/zHZI
Score: 3/10

MITRE ATT&CK Enterprise v15
Privilege Escalation
- Access Token Manipulation (1): Create Process with Token (1)
- Event Triggered Execution (1): Component Object Model Hijacking (1)
Defense Evasion
- Access Token Manipulation (1): Create Process with Token (1)
- Modify Registry (1)