General
-
Target
87a1c1e65a1411782b0d56890318ef5e13381971f26ed1304339c11798cb200c
-
Size
128KB
-
Sample
221012-q38asaeagj
-
MD5
623448edebee9834e266b4e6d2efaa20
-
SHA1
84cfa0be9528b1c3476000cb095bc0d9cacaa3c4
-
SHA256
87a1c1e65a1411782b0d56890318ef5e13381971f26ed1304339c11798cb200c
-
SHA512
fcdab07bd0f0a5cb438a71b69ad586c83df202c0aa27a3c22bf4e7e4863071f13afa78c665aa64db12b2e5cf5231a0ec33e03e3c24e3255837504d90c7f8f566
-
SSDEEP
1536:GRMuZuWrnx7avrCQVYQPZ9gSSdwLWMgeeOhYWmx99SsEzTQ7ZUs3L8CEJUzO8n7D:urnxYKQPZm2ytIhYVxb7ZjgvJUy8nLqQ
Malware Config
Targets
-
-
Target
87a1c1e65a1411782b0d56890318ef5e13381971f26ed1304339c11798cb200c
-
Size
128KB
-
MD5
623448edebee9834e266b4e6d2efaa20
-
SHA1
84cfa0be9528b1c3476000cb095bc0d9cacaa3c4
-
SHA256
87a1c1e65a1411782b0d56890318ef5e13381971f26ed1304339c11798cb200c
-
SHA512
fcdab07bd0f0a5cb438a71b69ad586c83df202c0aa27a3c22bf4e7e4863071f13afa78c665aa64db12b2e5cf5231a0ec33e03e3c24e3255837504d90c7f8f566
-
SSDEEP
1536:GRMuZuWrnx7avrCQVYQPZ9gSSdwLWMgeeOhYWmx99SsEzTQ7ZUs3L8CEJUzO8n7D:urnxYKQPZm2ytIhYVxb7ZjgvJUy8nLqQ
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-