General
-
Target
f3a9535175a780ed07a7325f420c8781cc5eb56074624abb794f2518f7bb6c89
-
Size
120KB
-
Sample
221002-2kz28sdfh4
-
MD5
6c1dbc98846d4cca09f5243dd85acfb0
-
SHA1
0c5e2c82ada6d07e5293f5af6105650613364359
-
SHA256
f3a9535175a780ed07a7325f420c8781cc5eb56074624abb794f2518f7bb6c89
-
SHA512
45944111ce478dacc4c6723c288013805593587489247f9eb8f591dd6f737cb5e6f0161cf50116edb90f5f2ab405e51694db553d2b365f3f694ac40ca236dee4
-
SSDEEP
1536:XUVCTeffiQwWkUyXUQsj2IVXnn5MjmOPk4aP4aQol7tS0D:kVrffiQfkJUzj2IBujNP/aPQG
Malware Config
Targets
-
-
Target
f3a9535175a780ed07a7325f420c8781cc5eb56074624abb794f2518f7bb6c89
-
Size
120KB
-
MD5
6c1dbc98846d4cca09f5243dd85acfb0
-
SHA1
0c5e2c82ada6d07e5293f5af6105650613364359
-
SHA256
f3a9535175a780ed07a7325f420c8781cc5eb56074624abb794f2518f7bb6c89
-
SHA512
45944111ce478dacc4c6723c288013805593587489247f9eb8f591dd6f737cb5e6f0161cf50116edb90f5f2ab405e51694db553d2b365f3f694ac40ca236dee4
-
SSDEEP
1536:XUVCTeffiQwWkUyXUQsj2IVXnn5MjmOPk4aP4aQol7tS0D:kVrffiQfkJUzj2IBujNP/aPQG
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-