General
-
Target
69ecc6feb07b77ae34ea064b2122d9846e532a4355ceb9aef51d65fae87aba79
-
Size
544KB
-
Sample
221011-m6abdabefr
-
MD5
4c743c9faa0d584983aa4e096fe7a4de
-
SHA1
0a418ea55271587d8bab6db2060bf6c4122ddd5b
-
SHA256
69ecc6feb07b77ae34ea064b2122d9846e532a4355ceb9aef51d65fae87aba79
-
SHA512
76db505e584af17d0d8e37b0756e35329dfaecd3a37b98a9dd2b2b3426345f9acf429b3345958df04950fc74ac3b201dfe74296cea71876d18e0173c9708ff47
-
SSDEEP
12288:m6bvdl0zCB8EDItMTzwg7lMQsvNuqZBRbZEYTwdD7IjLgdwdH2qGDAjs:/vdezCByqTtlMQsFuqzRbzI7IpH2N5
Malware Config
Targets
-
-
Target
69ecc6feb07b77ae34ea064b2122d9846e532a4355ceb9aef51d65fae87aba79
-
Size
544KB
-
MD5
4c743c9faa0d584983aa4e096fe7a4de
-
SHA1
0a418ea55271587d8bab6db2060bf6c4122ddd5b
-
SHA256
69ecc6feb07b77ae34ea064b2122d9846e532a4355ceb9aef51d65fae87aba79
-
SHA512
76db505e584af17d0d8e37b0756e35329dfaecd3a37b98a9dd2b2b3426345f9acf429b3345958df04950fc74ac3b201dfe74296cea71876d18e0173c9708ff47
-
SSDEEP
12288:m6bvdl0zCB8EDItMTzwg7lMQsvNuqZBRbZEYTwdD7IjLgdwdH2qGDAjs:/vdezCByqTtlMQsFuqzRbzI7IpH2N5
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-