General
-
Target
904970ca0e4d12a6d4950bc58b9a9f1f
-
Size
171KB
-
Sample
221011-zl42gadhcq
-
MD5
904970ca0e4d12a6d4950bc58b9a9f1f
-
SHA1
32cdabb32b4859820380a841a99837c7188ebcbb
-
SHA256
dd10a6df4ab46a4fa29bb12d10baf0c6e1aabba66d19e28245839babcc8367e5
-
SHA512
28bed6d6fa9bff45722261b7091263a8e1d34c7111ecbfa47fe84442072f36c6117585bead84bb147ef149cff3761b58bde0087b190870664d284c268a2ad1d7
-
SSDEEP
3072:inYDcyRX5vv4AAK4gT2YLw3x+WY0qZm78LtCvMt5Ws9XXJI1a:aoJn4AvT2Y04yh7LvMtQYX5I1a
Behavioral task
behavioral1
Sample
message.txt .exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
message.txt .exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
message.txt .exe
-
Size
123KB
-
MD5
175567c1a7a88e2f72d685b0c5c4c78e
-
SHA1
510ed5f7b0863c4157dab467aee25f85e4c595a2
-
SHA256
d01bd452425f6b4a9ffbe73cfbd11514db7c3830780bd101d399805e99a24b27
-
SHA512
11ea1dfcf30f4602423ffc642d05a1a1658bde18592ecf4c7f34061b8ac009523bac8bc3ff1dccce5847bb305717c6cf56ffbdfa2fbbd9d025d0cbfb46de14a8
-
SSDEEP
3072:sBnFQRxo/m6WemO4g0gUon2A64d+YWH9+XEsPuCV/CAaRwEYPd:sZFQXo/f/4In2Due9uMM/CBwE8d
Score
8/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-