General
-
Target
9354bba77ae87718da5777e07839199a225bb3eab122c8b5ab5398c5f8126ad8
-
Size
452KB
-
Sample
220919-rvlx9aggap
-
MD5
ededb0ae35ba9e887a481452d1aa88fb
-
SHA1
30489ed50d658c5e86828f3b7d2e2b7434eae1f8
-
SHA256
9354bba77ae87718da5777e07839199a225bb3eab122c8b5ab5398c5f8126ad8
-
SHA512
d2f26a810b41b52468a62217a2d7c617de1b0abde4211a27e80912fd1e291e36071858b051ea89f7e0c039e9cf3c72bde1d895f44233727bfca2fa2e86328b77
-
SSDEEP
6144:EIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUh:EIXsgtvm1De5YlOx6lzBH46Uh
Malware Config
Targets
-
-
Target
9354bba77ae87718da5777e07839199a225bb3eab122c8b5ab5398c5f8126ad8
-
Size
452KB
-
MD5
ededb0ae35ba9e887a481452d1aa88fb
-
SHA1
30489ed50d658c5e86828f3b7d2e2b7434eae1f8
-
SHA256
9354bba77ae87718da5777e07839199a225bb3eab122c8b5ab5398c5f8126ad8
-
SHA512
d2f26a810b41b52468a62217a2d7c617de1b0abde4211a27e80912fd1e291e36071858b051ea89f7e0c039e9cf3c72bde1d895f44233727bfca2fa2e86328b77
-
SSDEEP
6144:EIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUh:EIXsgtvm1De5YlOx6lzBH46Uh
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-