General
-
Target
20b216435619537e03b4f4dd9aee7affd2eed98ddb1397f72c6ba18fc8302d09
-
Size
214KB
-
Sample
221003-dmq1cafacj
-
MD5
600f3bd46ffcff6b1334f28eb35d8b30
-
SHA1
59941b0ea4e89e35dbf23ab3a47f622560a94565
-
SHA256
20b216435619537e03b4f4dd9aee7affd2eed98ddb1397f72c6ba18fc8302d09
-
SHA512
ae6e7cf2145660bbf80d9cbac02d1c97a93ac976fa9c23dd0972ad025b42680a8a08ec68674edbe8493410c0f6884ff0c1c25ac05f1b8bd644ce1bb378c70d48
-
SSDEEP
3072:HJgBujdeQeMW2yGqsb61WNl8JS5Wk0sXsz2ZvM93waCx4FaVG2IS:pgBQxlb61WNKmZvM9IxKNS
Malware Config
Targets
-
-
Target
20b216435619537e03b4f4dd9aee7affd2eed98ddb1397f72c6ba18fc8302d09
-
Size
214KB
-
MD5
600f3bd46ffcff6b1334f28eb35d8b30
-
SHA1
59941b0ea4e89e35dbf23ab3a47f622560a94565
-
SHA256
20b216435619537e03b4f4dd9aee7affd2eed98ddb1397f72c6ba18fc8302d09
-
SHA512
ae6e7cf2145660bbf80d9cbac02d1c97a93ac976fa9c23dd0972ad025b42680a8a08ec68674edbe8493410c0f6884ff0c1c25ac05f1b8bd644ce1bb378c70d48
-
SSDEEP
3072:HJgBujdeQeMW2yGqsb61WNl8JS5Wk0sXsz2ZvM93waCx4FaVG2IS:pgBQxlb61WNKmZvM9IxKNS
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-