General
-
Target
03a6801d5e9da9269313c81f3040a40f65d2c9c2879b0cc5547b3b011b179817
-
Size
136KB
-
Sample
221003-dh66rsdda2
-
MD5
59549df4e94b2ecb26962b69322992e6
-
SHA1
fd7fdc99c00eeefa5a6b5a7f4c01fc2db75b756b
-
SHA256
03a6801d5e9da9269313c81f3040a40f65d2c9c2879b0cc5547b3b011b179817
-
SHA512
f2d018a4df235e02f847a7d3cb5327b3ea964b395969abdf01a9a5f8c7e516451623655e359f2eea9475fdceab470fe5a89c115bd821d878573560e97ab809d6
-
SSDEEP
3072:C/86sXxWzlY0bSyg/Hd/+VS/V+t42JhreRsh4k2ecu:yL60BY0G9X/Itveg4k2U
Malware Config
Targets
-
-
Target
03a6801d5e9da9269313c81f3040a40f65d2c9c2879b0cc5547b3b011b179817
-
Size
136KB
-
MD5
59549df4e94b2ecb26962b69322992e6
-
SHA1
fd7fdc99c00eeefa5a6b5a7f4c01fc2db75b756b
-
SHA256
03a6801d5e9da9269313c81f3040a40f65d2c9c2879b0cc5547b3b011b179817
-
SHA512
f2d018a4df235e02f847a7d3cb5327b3ea964b395969abdf01a9a5f8c7e516451623655e359f2eea9475fdceab470fe5a89c115bd821d878573560e97ab809d6
-
SSDEEP
3072:C/86sXxWzlY0bSyg/Hd/+VS/V+t42JhreRsh4k2ecu:yL60BY0G9X/Itveg4k2U
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-