General
-
Target
38b261da148ca25a0dda01f71eb8e504729f94839056f4eaed56983e0ec184ab
-
Size
140KB
-
Sample
221003-2qyflaagg9
-
MD5
69f414513bf37426b454b69dc6573ad0
-
SHA1
31f8ddf9c559c9dc1c1e80a00d22444f8f58ddb4
-
SHA256
38b261da148ca25a0dda01f71eb8e504729f94839056f4eaed56983e0ec184ab
-
SHA512
fe0e8298fc8a65de73225908fdd603935afdeac0c74c837a85df3dd5850ad1aa6476b1c9e7e8a970bdf252a84cd6e1f4cf1a5c76a76d20c6e294dcf2378c4c98
-
SSDEEP
1536:vzFiVhEXvtG8nIIQYfIN4anyDU6ZcRJFx4pP681hMSsJOoZhlyb9QXVtbtz:0uXv694w6ZcDFw1hMtJO4Tn
Malware Config
Targets
-
-
Target
38b261da148ca25a0dda01f71eb8e504729f94839056f4eaed56983e0ec184ab
-
Size
140KB
-
MD5
69f414513bf37426b454b69dc6573ad0
-
SHA1
31f8ddf9c559c9dc1c1e80a00d22444f8f58ddb4
-
SHA256
38b261da148ca25a0dda01f71eb8e504729f94839056f4eaed56983e0ec184ab
-
SHA512
fe0e8298fc8a65de73225908fdd603935afdeac0c74c837a85df3dd5850ad1aa6476b1c9e7e8a970bdf252a84cd6e1f4cf1a5c76a76d20c6e294dcf2378c4c98
-
SSDEEP
1536:vzFiVhEXvtG8nIIQYfIN4anyDU6ZcRJFx4pP681hMSsJOoZhlyb9QXVtbtz:0uXv694w6ZcDFw1hMtJO4Tn
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-