General
Target: 4e528a5d717c4a9908bbe2538db01e0538fccedba8a3fe3fc1fb8c5dbf2004ebN.exe
Size: 392KB
Sample: 241210-nshahazjfl
MD5: c678c394c12a4715c7e7915bf8410a20
SHA1: f61f2d809d528ea506419389e54ae440942d57c3
SHA256: 4e528a5d717c4a9908bbe2538db01e0538fccedba8a3fe3fc1fb8c5dbf2004eb
SHA512: 1c1ea98460b84d9c97aea73d782204a433d031bae7c8e23cbba59baadb24c12eb7b0904865bbc3de75e6cd2231ef0beeb249e8ca7bbc5640d4b3a838e694e06f
SSDEEP: 3072:V+ESQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lbaV2:DPA6wxmuJspr2lb6
Behavioral task: behavioral1
Sample: 4e528a5d717c4a9908bbe2538db01e0538fccedba8a3fe3fc1fb8c5dbf2004ebN.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: 4e528a5d717c4a9908bbe2538db01e0538fccedba8a3fe3fc1fb8c5dbf2004ebN.exe
Size: 392KB
MD5: c678c394c12a4715c7e7915bf8410a20
SHA1: f61f2d809d528ea506419389e54ae440942d57c3
SHA256: 4e528a5d717c4a9908bbe2538db01e0538fccedba8a3fe3fc1fb8c5dbf2004eb
SHA512: 1c1ea98460b84d9c97aea73d782204a433d031bae7c8e23cbba59baadb24c12eb7b0904865bbc3de75e6cd2231ef0beeb249e8ca7bbc5640d4b3a838e694e06f
SSDEEP: 3072:V+ESQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lbaV2:DPA6wxmuJspr2lb6
Signatures
- Andromeda family
- Detects Andromeda payload.
- Adds policy Run key to start application
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext