General
-
Target
87d5dba25f53935bcfb2d0d9d18191c9
-
Size
7.7MB
-
Sample
220920-vfk9ysdhf7
-
MD5
87d5dba25f53935bcfb2d0d9d18191c9
-
SHA1
d8640f67e62b90d13b1a4037471f9d232250010a
-
SHA256
a20dcb4022a8cdfff4695d23261292891dc8dff7b695a21d8529632a35c012ea
-
SHA512
3bd3c19195ae59899363c77e6d9689246ce152bfddde769635c5cdd2359468b5ef19720f9fad545f45f32a9e850b454c3016ef7d7c52d325c185f0bb1684933c
-
SSDEEP
6144:H3Be8ySm8hQAAIfFrRXuEE+0l97mKwKSwHV2386JQPDHDdx/Qtqa:o/zkFF+EExZmKbSQVMPJQPDHvd
Malware Config
Targets
-
-
Target
87d5dba25f53935bcfb2d0d9d18191c9
-
Size
7.7MB
-
MD5
87d5dba25f53935bcfb2d0d9d18191c9
-
SHA1
d8640f67e62b90d13b1a4037471f9d232250010a
-
SHA256
a20dcb4022a8cdfff4695d23261292891dc8dff7b695a21d8529632a35c012ea
-
SHA512
3bd3c19195ae59899363c77e6d9689246ce152bfddde769635c5cdd2359468b5ef19720f9fad545f45f32a9e850b454c3016ef7d7c52d325c185f0bb1684933c
-
SSDEEP
6144:H3Be8ySm8hQAAIfFrRXuEE+0l97mKwKSwHV2386JQPDHDdx/Qtqa:o/zkFF+EExZmKbSQVMPJQPDHvd
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-