General
-
Target
26b5508ed82d06e04fc2b7f3f723c0cbcaabce93093212c6b992bbe0f4fe4551
-
Size
516KB
-
Sample
220919-r1plbshafj
-
MD5
41764f04a281a9120921bc0604fc83de
-
SHA1
685e9fb012153653a2f7d0b3ed64807e92459649
-
SHA256
26b5508ed82d06e04fc2b7f3f723c0cbcaabce93093212c6b992bbe0f4fe4551
-
SHA512
c0e02ddbc4a3f88f238ce613b55ffd955e77daf751f6ce838f94d9ca777a69f05066916f26f285989b4452e5c3e5300940e96f12526009c0c69c2a6234226e5a
-
SSDEEP
6144:Vj6/wndfF/gl0LQIk8DR3dEuAI7pEfxsZozAm9TMdGQLUg1nYmefPImdrionhrai:d6onxOp8FySpE5zvIdtU+YmefI4kNTqJ
Malware Config
Targets
-
-
Target
26b5508ed82d06e04fc2b7f3f723c0cbcaabce93093212c6b992bbe0f4fe4551
-
Size
516KB
-
MD5
41764f04a281a9120921bc0604fc83de
-
SHA1
685e9fb012153653a2f7d0b3ed64807e92459649
-
SHA256
26b5508ed82d06e04fc2b7f3f723c0cbcaabce93093212c6b992bbe0f4fe4551
-
SHA512
c0e02ddbc4a3f88f238ce613b55ffd955e77daf751f6ce838f94d9ca777a69f05066916f26f285989b4452e5c3e5300940e96f12526009c0c69c2a6234226e5a
-
SSDEEP
6144:Vj6/wndfF/gl0LQIk8DR3dEuAI7pEfxsZozAm9TMdGQLUg1nYmefPImdrionhrai:d6onxOp8FySpE5zvIdtU+YmefI4kNTqJ
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-