General
-
Target
8da6678bd41fb6d8c02642a8e35ab7d597567a02fecc7e1a8d99906768f1c4b7
-
Size
592KB
-
Sample
221002-r9sz4sbdf9
-
MD5
65a26623095e6f02ecbfb2e438189110
-
SHA1
2bd285516698ad16ce7636e72c1c4045755d3db2
-
SHA256
8da6678bd41fb6d8c02642a8e35ab7d597567a02fecc7e1a8d99906768f1c4b7
-
SHA512
836aff8f9545273e4287881627548e39aaf8054c997e7577ddb9eb68b01415f3ff947080542de801f58d418c20fcec966086da525dd98f1dd11867b128f005dd
-
SSDEEP
12288:ZpUJ3r6YkVwJgNnSykgb9cqWnw4q6ZmFhqs0E2:ZpUNr6YkVRFkgbeqeo68FhqTz
Malware Config
Targets
-
-
Target
8da6678bd41fb6d8c02642a8e35ab7d597567a02fecc7e1a8d99906768f1c4b7
-
Size
592KB
-
MD5
65a26623095e6f02ecbfb2e438189110
-
SHA1
2bd285516698ad16ce7636e72c1c4045755d3db2
-
SHA256
8da6678bd41fb6d8c02642a8e35ab7d597567a02fecc7e1a8d99906768f1c4b7
-
SHA512
836aff8f9545273e4287881627548e39aaf8054c997e7577ddb9eb68b01415f3ff947080542de801f58d418c20fcec966086da525dd98f1dd11867b128f005dd
-
SSDEEP
12288:ZpUJ3r6YkVwJgNnSykgb9cqWnw4q6ZmFhqs0E2:ZpUNr6YkVRFkgbeqeo68FhqTz
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-