General
-
Target
dd34ad7cb1aa444fde929f06bb8894201419f8b0c47ee8524899385b40ea4ad0
-
Size
132KB
-
Sample
221003-ty5wmsegg5
-
MD5
60199809e3321d60e0a08573387267a8
-
SHA1
f69a6fd5f368e7afb0e9877b9ab2aaf650c4cefc
-
SHA256
dd34ad7cb1aa444fde929f06bb8894201419f8b0c47ee8524899385b40ea4ad0
-
SHA512
2d8e40aeea660cf17afabc9bfd46310f55cf40a0a2c22baea4ae50374c0ba4ae29509c231904bd4b61fa847d84e929e090f48f8e34474489ac4116efe66c1874
-
SSDEEP
1536:/HDU4kEyptmE4gaRqi6eFkesYEkvrb0+78skMJbfFNOSD0ec79zZLlwsttmhTs+/:/G4gaRqvck9YLbk0fa0HE9Ve/d7Q
Malware Config
Targets
-
-
Target
dd34ad7cb1aa444fde929f06bb8894201419f8b0c47ee8524899385b40ea4ad0
-
Size
132KB
-
MD5
60199809e3321d60e0a08573387267a8
-
SHA1
f69a6fd5f368e7afb0e9877b9ab2aaf650c4cefc
-
SHA256
dd34ad7cb1aa444fde929f06bb8894201419f8b0c47ee8524899385b40ea4ad0
-
SHA512
2d8e40aeea660cf17afabc9bfd46310f55cf40a0a2c22baea4ae50374c0ba4ae29509c231904bd4b61fa847d84e929e090f48f8e34474489ac4116efe66c1874
-
SSDEEP
1536:/HDU4kEyptmE4gaRqi6eFkesYEkvrb0+78skMJbfFNOSD0ec79zZLlwsttmhTs+/:/G4gaRqvck9YLbk0fa0HE9Ve/d7Q
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-