General
-
Target
7f362ae1b3351c9c2f253cc23af8bd82f2f34cf7585facf2980f0fad59cd93c5
-
Size
136KB
-
Sample
221011-y15e4scgej
-
MD5
7a9c969e034aae515ee98fdb30bf6a36
-
SHA1
3fb06c3fdafcd97b4ea6186715c984e9b75d104b
-
SHA256
7f362ae1b3351c9c2f253cc23af8bd82f2f34cf7585facf2980f0fad59cd93c5
-
SHA512
9ac1b9210e97af8013c32561c80cf72d8e44565d26dab125659628b03c61fe62a0c069a874b729bda955a8735caf432f2ed4d70a538751958fd60699927c6b08
-
SSDEEP
1536:j2p4EcTCjv4e79/Y7f88E0/dRSHEpTYEXHmJEj543TRR4hN0ywc9wANLUv+tY5tM:j2ZWGe9z/KHEp9XH4EdCANvxU2SZu/0
Malware Config
Targets
-
-
Target
7f362ae1b3351c9c2f253cc23af8bd82f2f34cf7585facf2980f0fad59cd93c5
-
Size
136KB
-
MD5
7a9c969e034aae515ee98fdb30bf6a36
-
SHA1
3fb06c3fdafcd97b4ea6186715c984e9b75d104b
-
SHA256
7f362ae1b3351c9c2f253cc23af8bd82f2f34cf7585facf2980f0fad59cd93c5
-
SHA512
9ac1b9210e97af8013c32561c80cf72d8e44565d26dab125659628b03c61fe62a0c069a874b729bda955a8735caf432f2ed4d70a538751958fd60699927c6b08
-
SSDEEP
1536:j2p4EcTCjv4e79/Y7f88E0/dRSHEpTYEXHmJEj543TRR4hN0ywc9wANLUv+tY5tM:j2ZWGe9z/KHEp9XH4EdCANvxU2SZu/0
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-