General
-
Target
f4e56fcc2ac4ef45d7b2840ace3e136ff9b4b61622c6905241d11792b11fdc39
-
Size
464KB
-
Sample
221011-r14p9aaeal
-
MD5
496cebd00eb98ced36bd3b653aa036fb
-
SHA1
d9002b6045d68eb4dda1423699d9b903b13b8dd2
-
SHA256
f4e56fcc2ac4ef45d7b2840ace3e136ff9b4b61622c6905241d11792b11fdc39
-
SHA512
a521618c1bc1df047cbba5fabecce778f110700c1e941bab04e97209a3e4c8ba024929eb2d05b1a78e565c00673f6194ea3b3661eec8060fccd39eb542523c85
-
SSDEEP
6144:neXajnXTrkY9Nfl7ZOD9aelcbhSF1nfWpVbPP/KCIxijzUd/qHBdjK0DdvRgf+:neX0rkcfstvnf9Cvjod/qSOJ2+
Malware Config
Targets
-
-
Target
f4e56fcc2ac4ef45d7b2840ace3e136ff9b4b61622c6905241d11792b11fdc39
-
Size
464KB
-
MD5
496cebd00eb98ced36bd3b653aa036fb
-
SHA1
d9002b6045d68eb4dda1423699d9b903b13b8dd2
-
SHA256
f4e56fcc2ac4ef45d7b2840ace3e136ff9b4b61622c6905241d11792b11fdc39
-
SHA512
a521618c1bc1df047cbba5fabecce778f110700c1e941bab04e97209a3e4c8ba024929eb2d05b1a78e565c00673f6194ea3b3661eec8060fccd39eb542523c85
-
SSDEEP
6144:neXajnXTrkY9Nfl7ZOD9aelcbhSF1nfWpVbPP/KCIxijzUd/qHBdjK0DdvRgf+:neX0rkcfstvnf9Cvjod/qSOJ2+
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-