General
-
Target
bedd1632534249fa5bc740d829ae3c6d293d28ca572673e30cb034981b893536
-
Size
116KB
-
Sample
221011-lg9jhagbf8
-
MD5
60e4749ec22c04672caf8bc25b3b2115
-
SHA1
7782b3e07fd4939e9d46764d07a039bb68709677
-
SHA256
bedd1632534249fa5bc740d829ae3c6d293d28ca572673e30cb034981b893536
-
SHA512
22241c542cb3b04e9f9a2150c1c8e99621576bb6aa1642707aaf2b59633ba55ed4a9ac7c2d408eb9d19c3c20320d92270bed75a66c71bad9c400f93262267171
-
SSDEEP
1536:tSNzd1v8JxbVWznSXM/f44xXosFHQwDAm22dBvB/L/6SJCl7kP2oONABAwgQAwgg:iv8wnb2wc2djj/6SYl7k2vBJp23
Malware Config
Targets
-
-
Target
bedd1632534249fa5bc740d829ae3c6d293d28ca572673e30cb034981b893536
-
Size
116KB
-
MD5
60e4749ec22c04672caf8bc25b3b2115
-
SHA1
7782b3e07fd4939e9d46764d07a039bb68709677
-
SHA256
bedd1632534249fa5bc740d829ae3c6d293d28ca572673e30cb034981b893536
-
SHA512
22241c542cb3b04e9f9a2150c1c8e99621576bb6aa1642707aaf2b59633ba55ed4a9ac7c2d408eb9d19c3c20320d92270bed75a66c71bad9c400f93262267171
-
SSDEEP
1536:tSNzd1v8JxbVWznSXM/f44xXosFHQwDAm22dBvB/L/6SJCl7kP2oONABAwgQAwgg:iv8wnb2wc2djj/6SYl7k2vBJp23
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-