General
-
Target
8103616202.zip
-
Size
5.2MB
-
Sample
221004-vbz8babhcl
-
MD5
3b32ad48d9b891772b150c1229e3ba08
-
SHA1
e47c04d90d520c88128d2c82537dab5e982e673d
-
SHA256
9b0426621129242246c67090f2ccc1e5cd61b6a5afd74dd2ce7076d81132c25c
-
SHA512
7fcbaf01dc3df22bca6663d06ce8ac89aa9a68f185f7e15d98202ef49a7b2e9b63ed245bc1677fb6c83d5ab046f12dfa04a061d3a31fee39e866e4a37e1886fd
-
SSDEEP
98304:fW6jdLztO9EHfH0eyAs4gCAekocVasEWroCXGltZ7YbJppT7Vq7Z8KqmRK:uqdL1fH0e0docbEWrLuMdp9707iERK
Malware Config
Targets
-
-
Target
bb6fd94d088d1205ae5fe6f1b45c3a366490a1286741c0eb71f517997182f2be
-
Size
5.2MB
-
MD5
8934b92a1d075aae29e2ab5ea5189c49
-
SHA1
8129c3d444561ec6864d7583131f443d6fdf69cc
-
SHA256
bb6fd94d088d1205ae5fe6f1b45c3a366490a1286741c0eb71f517997182f2be
-
SHA512
5523c60979b88938910d46c871ba2103f8f46d06a1017d01bb34a83fd46b105fc7a9f5c9a8879d0be54215bec943d71579dc57ba2a0c879b13e1b772a44c9c95
-
SSDEEP
98304:/+pmqu8JVd/7u7kxm+YcTjlKOxbqZcZkHOus1DgAtZRixAHAILz1IimEMh:+g7kKcToOYIku1DtbbgIHDmEMh
Score10/10-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Registers COM server for autorun
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Windows security modification
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Modifies WinLogon
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-