General
-
Target
dcfeefb8530d15a7f12ac21497b93b61480c922b4850a1de97693b8b97486dee
-
Size
800KB
-
Sample
241111-m4b27aycql
-
MD5
68e6c48eab8ee9681659d3d47d1c8442
-
SHA1
0ce069304550e846c8ba47e3198d9c5a3980c26e
-
SHA256
dcfeefb8530d15a7f12ac21497b93b61480c922b4850a1de97693b8b97486dee
-
SHA512
d8d32ef2d81ead9c13391738bae3368e48940dbf9c4a9c8e990ebf0f58d6d4a745f32c55472a9d704202b549954efed4ef306b2b4ad81596c6a16541118c5008
-
SSDEEP
12288:1WUovH4E8fkLIJkqNIjqWahIKR/gsk0h97chCVhw3FdCe:1WUovLOqIJk8IjhKC077ch53y
Static task
static1
Behavioral task
behavioral1
Sample
dcfeefb8530d15a7f12ac21497b93b61480c922b4850a1de97693b8b97486dee.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
dcfeefb8530d15a7f12ac21497b93b61480c922b4850a1de97693b8b97486dee.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
dcfeefb8530d15a7f12ac21497b93b61480c922b4850a1de97693b8b97486dee
-
Size
800KB
-
MD5
68e6c48eab8ee9681659d3d47d1c8442
-
SHA1
0ce069304550e846c8ba47e3198d9c5a3980c26e
-
SHA256
dcfeefb8530d15a7f12ac21497b93b61480c922b4850a1de97693b8b97486dee
-
SHA512
d8d32ef2d81ead9c13391738bae3368e48940dbf9c4a9c8e990ebf0f58d6d4a745f32c55472a9d704202b549954efed4ef306b2b4ad81596c6a16541118c5008
-
SSDEEP
12288:1WUovH4E8fkLIJkqNIjqWahIKR/gsk0h97chCVhw3FdCe:1WUovLOqIJk8IjhKC077ch53y
Score10/10-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-