General

- Target: 67b78307c52f7135521c67894d423b669aaf62ca078e6bbe5674949c4d139e66
- Size: 5.7MB
- Sample: 221017-3vlg9sdfc2
- MD5: 60ae9ea1e18a521afb2b61c688c1f35b
- SHA1: 2499a4d1b3965dd2a3aaf1be4c9b14018be8ca10
- SHA256: 67b78307c52f7135521c67894d423b669aaf62ca078e6bbe5674949c4d139e66
- SHA512: 2d22e7431a9aa8f0a860ba2ff3c1947e5dcc01a3d063a4468ef786291fa12bb526be44592a1d7a33a1daf37821ee7580259aa209e261c1a92700437748167cf0
- SSDEEP: 6144:mriTOeUceEZPVB18RdCqdomsKABh/llz6MP86JQPDHDdx/Qtqx:zhZdv8R0qRsKAB9llz6gPJQPDHvd

Static task: static1

Behavioral task: behavioral1
- Sample: 67b78307c52f7135521c67894d423b669aaf62ca078e6bbe5674949c4d139e66.exe
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: 67b78307c52f7135521c67894d423b669aaf62ca078e6bbe5674949c4d139e66.exe
- Resource: win10v2004-20220812-en
Malware Config

Targets

- Target: 67b78307c52f7135521c67894d423b669aaf62ca078e6bbe5674949c4d139e66
- Score: 10/10

- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory