General
- Target: 335bd9b16e9bef8fa9b6e6ac6d180121928ab41f7d1874318f27c3ffb2a723da
- Size: 88KB
- Sample: 241216-z298es1mcm
- MD5: d87fade74b72fa7cc4fc784fda661c9e
- SHA1: 028afc4ec77a4681be751f27b068e810eacb3054
- SHA256: 335bd9b16e9bef8fa9b6e6ac6d180121928ab41f7d1874318f27c3ffb2a723da
- SHA512: 6bf334f15654b722eb3540136f32b9e8f3a848f7f82f8de063b16720ae440f962cb285ba318916995f03211dbe4b27faf2e93086ffa8d45c68edc2a706c91d04
- SSDEEP: 1536:t5piVnDXkTbhCtaB6GVA/bVQPxfgiqfoOonoKg+yOH5y/yEn:6D0ctAVA/bmxIMnoKjyR/Nn
Static task: static1
Behavioral task: behavioral1
- Sample: 335bd9b16e9bef8fa9b6e6ac6d180121928ab41f7d1874318f27c3ffb2a723da.exe
- Resource: win7-20240903-en
Malware Config

Targets
- Target: 335bd9b16e9bef8fa9b6e6ac6d180121928ab41f7d1874318f27c3ffb2a723da
- Andromeda family: Detects Andromeda payload.
- Adds policy Run key to start application
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext