General
-
Target
4197a14a44e9c944c958f8f4f581473aa370ccab4c0a21b91fc98fdf5b9dde23
-
Size
532KB
-
Sample
221002-r93jjsbdg5
-
MD5
66edf43a932104c82116b711587d90b0
-
SHA1
f3dfb97201c691f6ed0b37cbf6f4ae0292131e4f
-
SHA256
4197a14a44e9c944c958f8f4f581473aa370ccab4c0a21b91fc98fdf5b9dde23
-
SHA512
a464c1365b4ee7a171d7498cba2291a145a64932249e76f4040e38e2255220ea26e6f33a6f5cd71430f740b446427d645ec86fd56e963b77704981db12604254
-
SSDEEP
12288:L2iwn/ND7S3xI66S/H3UyKxWn2hJ+MRmhhhitLpm1tT0:L213Sed0XjhwtLpwR0
Malware Config
Targets
-
-
Target
4197a14a44e9c944c958f8f4f581473aa370ccab4c0a21b91fc98fdf5b9dde23
-
Size
532KB
-
MD5
66edf43a932104c82116b711587d90b0
-
SHA1
f3dfb97201c691f6ed0b37cbf6f4ae0292131e4f
-
SHA256
4197a14a44e9c944c958f8f4f581473aa370ccab4c0a21b91fc98fdf5b9dde23
-
SHA512
a464c1365b4ee7a171d7498cba2291a145a64932249e76f4040e38e2255220ea26e6f33a6f5cd71430f740b446427d645ec86fd56e963b77704981db12604254
-
SSDEEP
12288:L2iwn/ND7S3xI66S/H3UyKxWn2hJ+MRmhhhitLpm1tT0:L213Sed0XjhwtLpwR0
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-