General
-
Target
0f4f6e4bc0612b33218c9e6e34e098dbdef52784cdd4fa5e12446ed6f68cb366
-
Size
244KB
-
Sample
221002-alzz3sefdl
-
MD5
6cc3ab1abc8a68167f780018f1b26a60
-
SHA1
37c8b41fc6030deac3de83d265ed5f2e4a4378c4
-
SHA256
0f4f6e4bc0612b33218c9e6e34e098dbdef52784cdd4fa5e12446ed6f68cb366
-
SHA512
9be5fc6f6c83195b400995a1c78a971c20b4e1dd42b08fa2fa70d5b4941250b1ff04ad5341e414caa85a569b71a0c127e8e4bf8fcf5aae13ad1761dbdd48c953
-
SSDEEP
6144:5QSRXvYPaCFAHloZ7H8++/YfrLCPmmDISxLKA1fNUVvjWQ:54Pa4AHloZ7H8++/YfrLJmDISxLKApNc
Malware Config
Targets
-
-
Target
0f4f6e4bc0612b33218c9e6e34e098dbdef52784cdd4fa5e12446ed6f68cb366
-
Size
244KB
-
MD5
6cc3ab1abc8a68167f780018f1b26a60
-
SHA1
37c8b41fc6030deac3de83d265ed5f2e4a4378c4
-
SHA256
0f4f6e4bc0612b33218c9e6e34e098dbdef52784cdd4fa5e12446ed6f68cb366
-
SHA512
9be5fc6f6c83195b400995a1c78a971c20b4e1dd42b08fa2fa70d5b4941250b1ff04ad5341e414caa85a569b71a0c127e8e4bf8fcf5aae13ad1761dbdd48c953
-
SSDEEP
6144:5QSRXvYPaCFAHloZ7H8++/YfrLCPmmDISxLKA1fNUVvjWQ:54Pa4AHloZ7H8++/YfrLJmDISxLKApNc
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-