General
Target: ef39e86415c40bd689daa72244dc89e85a627984b062b6f625755d1cb20bfd1d
Size: 177KB
Sample: 221002-n1s2zafcgk
MD5: 66d6129b6222698871dfe75744574140
SHA1: 8cfcc9b2eb0bdf57c672c2717698449c6365e727
SHA256: ef39e86415c40bd689daa72244dc89e85a627984b062b6f625755d1cb20bfd1d
SHA512: 5c979ca7df678d4c0b83c7b1f181d74f1e06419b916bb0fa9fe69fcca43d967f54564363b0090550f5a14a23a2d4c789ee55110aca5222ab5f9b8f0a5ec2fbcd
SSDEEP: 3072:mH4MnMqAOOtxTb1DG4SWeIajBsVroNw7dVQoD43GD5a7IW+:mHZnMqALTmIajSdoNQdWoD485a7ID
Static task: static1
Behavioral task: behavioral1
Sample: ef39e86415c40bd689daa72244dc89e85a627984b062b6f625755d1cb20bfd1d.exe
Resource: win7-20220812-en
Malware Config
Targets
Score: 10/10
Modifies WinLogon for persistence
Modifies firewall policy service
Modifies security service
Executes dropped EXE
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application