General
Target: obf.rar
Size: 4KB
Sample: 220925-w3wjwaghfl
MD5: 0839ef1f46c4b7537b2103ccf08d1fe5
SHA1: 487018f2cb09151573353df04814372e4b3a63fa
SHA256: 7998265583ba8238699fcbc3c08eeca008d52863fe294d86b2d66e951da16087
SHA512: de4fb33d20664bd27b83b8c02352578c744776d2ee96ad2f911ac7b94f1b40ce64b16622955bf4399b36886c16e6c784d9a6fcdd9f2d098ea0f875ec148bdaf6
SSDEEP: 96:UuHVt47gGBb8rlmdFP6TIOK13XUI2wP+Nsi6m9PJ4t1PStfpmPCm:UuHz47gGBW4Fz3kIHtAutmhmj

Static task: static1
Behavioral task: behavioral1
Sample: obf.bat
Resource: win10v2004-20220812-en

Malware Config
Extracted: http://rick-roll.fun/uwu/0303/Admin/cc.g
Extracted: http://rick-roll.fun/uwu/0303/global/cc.g

Targets
Target: obf.bat
Size: 27KB
MD5: dd7e34f9513d20a78c9d0e1f83988adb
SHA1: b6a71b528622667224033497954414ef701e7b6f
SHA256: 3b3a767338286c210c11c4b6fde80b6d7beb3461a9c3dbe59da4ffef023b2181
SHA512: 62947cbf304abfeac88df72f3c187bf65a2589fdd0092ff7af9dd3a22789136b63e89c93f9788019a9f94081b44b5012325643d0cf814835c7c5a1d36314221b
SSDEEP: 384:gEsU85BPAVqb4C0062BKJth4d3SBhQF+/rlvuDMDdH9JDquu+jMJ7p00sFwo17uL:gUqb4SCS8ys9Fxo
Score: 10/10
Signatures
- Modifies WinLogon for persistence
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
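The signature names above are the sandbox's generic descriptions; the report does not say which Winlogon value the sample changed, what it did with the country code, or which file it dropped. The PowerShell below is an added triage check, not part of the report or of the sample, that audits the registry locations those signatures refer to on a Windows 10 host and lists recently created files in System32. The Shell and Userinit defaults, the treatment of the per-user Winlogon key, the Geo\Nation value and the 24-hour window are assumptions to be adjusted to the host and detonation time.

```powershell
# Added triage script (not from the Triage report or the sample itself).
# Assumptions: Windows 10 host, elevated PowerShell 5.1 or later, default
# Winlogon values as listed below, and a 24-hour window for "recent" files.

function Get-WinlogonFindings {
    # Winlogon values commonly abused for persistence; the defaults are assumptions.
    $expected = @{
        'Shell'    = 'explorer.exe'
        'Userinit' = "$env:SystemRoot\system32\userinit.exe,"
    }
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'  # per-user override; normally has no Shell/Userinit
    )
    foreach ($path in $paths) {
        if (-not (Test-Path $path)) { continue }
        $key = Get-ItemProperty -Path $path
        foreach ($name in $expected.Keys) {
            $value = $key.$name
            if ($null -eq $value) { continue }
            # Any Shell/Userinit under HKCU is suspicious; under HKLM only a non-default value is.
            if ($path -like 'HKCU:*' -or $value -ne $expected[$name]) {
                [pscustomobject]@{ Check = 'Winlogon'; Location = "$path\$name"; Value = $value }
            }
        }
    }
}

function Get-GeoFindings {
    # The GeoID a geofencing sample would read to decide whether to run on this host.
    $geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    if ($null -ne $geo) {
        [pscustomobject]@{ Check = 'GeoNation'; Location = 'HKCU:\Control Panel\International\Geo\Nation'; Value = $geo.Nation }
    }
}

function Get-System32DropFindings {
    # The window is an assumption; align it with the time the sample ran.
    param([datetime]$Since = (Get-Date).AddHours(-24))
    $files = Get-ChildItem -Path "$env:SystemRoot\System32" -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $Since }
    foreach ($f in $files) {
        [pscustomobject]@{ Check = 'System32Drop'; Location = $f.FullName; Value = $f.CreationTime }
    }
}

$findings = @(Get-WinlogonFindings) + @(Get-GeoFindings) + @(Get-System32DropFindings)
if ($findings.Count -eq 0) {
    'No findings.'
} else {
    $findings | Format-Table -AutoSize
}
```

A non-default Userinit or Shell value is a lead, not proof of compromise: some endpoint agents and VDI products legitimately change them, so compare the output against a known-good baseline from the same image. The GeoNation row is informational; it shows the value the sample would have read, which matters when a detonation in one region produces no second-stage behaviour.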