General
-
Target
933f5a2f2d32ee297f684aba2fe82ed00727c84cda16642bdfff0ca1e7ed1221
-
Size
234KB
-
Sample
221011-y1c1vscgbm
-
MD5
6ed58f353c2b820a48a3d096e0a59c20
-
SHA1
bd5ee569f23887f7a8f9e98d35c6433a83898911
-
SHA256
933f5a2f2d32ee297f684aba2fe82ed00727c84cda16642bdfff0ca1e7ed1221
-
SHA512
0d6caa7dc495f2c4d9b7f10ac54319ca8306eeae65515665f7d8f02bce52ef43c540ba0beaa5cbbba7a35c5f33807c5fa1f7006d86db80f509c600394f98f589
-
SSDEEP
3072:RjujS5TRVfzAa4Q4RXSGi0nYTLpRUr94R1R1oiiFF+ZObMzqdjSGlu:vTg5zRXvYROk2iiIObMzqw
Malware Config
Targets
-
-
Target
933f5a2f2d32ee297f684aba2fe82ed00727c84cda16642bdfff0ca1e7ed1221
-
Size
234KB
-
MD5
6ed58f353c2b820a48a3d096e0a59c20
-
SHA1
bd5ee569f23887f7a8f9e98d35c6433a83898911
-
SHA256
933f5a2f2d32ee297f684aba2fe82ed00727c84cda16642bdfff0ca1e7ed1221
-
SHA512
0d6caa7dc495f2c4d9b7f10ac54319ca8306eeae65515665f7d8f02bce52ef43c540ba0beaa5cbbba7a35c5f33807c5fa1f7006d86db80f509c600394f98f589
-
SSDEEP
3072:RjujS5TRVfzAa4Q4RXSGi0nYTLpRUr94R1R1oiiFF+ZObMzqdjSGlu:vTg5zRXvYROk2iiIObMzqw
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-