General
- Target: 9b3b6ea864f32e5f1b18e77d3a9d97b407240c8280cd408d110955906646cdcd
- Size: 392KB
- Sample: 241116-a7n5pszncm
- MD5: e06b81c208a137638b171074d2a7e221
- SHA1: 54852fec0478ff97aad476be9af09f36034bfa79
- SHA256: 9b3b6ea864f32e5f1b18e77d3a9d97b407240c8280cd408d110955906646cdcd
- SHA512: 3fc602a654a0a8089ccfa32c8d1ce06c659c23077d53fd32833f65ffec7497d262686212dc9d48a5784be4357966063eac9b1d2ba034ac17f44ef6c47b84566d
- SSDEEP: 3072:V+ESQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lbaV2:DPA6wxmuJspr2lb6
Behavioral task
- behavioral1
- Sample: 9b3b6ea864f32e5f1b18e77d3a9d97b407240c8280cd408d110955906646cdcd.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: 9b3b6ea864f32e5f1b18e77d3a9d97b407240c8280cd408d110955906646cdcd
- Andromeda family: Detects Andromeda payload.
- Adds policy Run key to start application
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext