General
- Target: 83fb78d5f00b4ba5ad247984b005c74724c0832499a301cf24899c3893962282
- Size: 600KB
- Sample: 221011-kw6kqafccj
- MD5: 5a50497a16f62ecabbbf0baddf2c6730
- SHA1: 51bff4da617ba0eed283ee3103500faa4cca0813
- SHA256: 83fb78d5f00b4ba5ad247984b005c74724c0832499a301cf24899c3893962282
- SHA512: f15a1bf957ece2616edaf12a1e1996cc20a85e942e49133f856a14a31f65b9d94950ca4c2272ab81a81a2c7caf0a20424deb81fb54f23c1a37c13762f9889e95
- SSDEEP: 12288:lpUJ3r6YkVwJgNnSykgb9cqWnw4q6ZmFhqsxoFS:lpUNr6YkVRFkgbeqeo68Fhq8oFS
Static task: static1
Behavioral task: behavioral1
- Sample: 83fb78d5f00b4ba5ad247984b005c74724c0832499a301cf24899c3893962282.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 83fb78d5f00b4ba5ad247984b005c74724c0832499a301cf24899c3893962282.exe
- Resource: win10v2004-20220812-en
Malware Config
Targets
- Target: 83fb78d5f00b4ba5ad247984b005c74724c0832499a301cf24899c3893962282
- Score: 10/10
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory