General
Target: c794b13f648296d3ce367aeee708348f0bcc597c3b1873e464fa66c05b213711
Size: 4.3MB
Sample: 221017-3vygtsdfc7
MD5: 6e745bc9cd3a84bdc382adc72d3c5e1f
SHA1: d5034f29f210d80f0c863740091ee1aac11235d4
SHA256: c794b13f648296d3ce367aeee708348f0bcc597c3b1873e464fa66c05b213711
SHA512: 363b76b6585db33fba3e59963bf151f52e7b4a68cefc807d9fdfcfdc3d21fd1a487281f5c1af5edbb544419dc1d44620bf9b905b4a6d3b7155d7910ef5671c3e
SSDEEP: 6144:priTOeUceEZPVB18RdCqdomsKA6h/llz6MP86JQPDHDdx/Qtqx:khZdv8R0qRsKA69llz6gPJQPDHvd
Static task: static1
Behavioral task: behavioral1
  Sample: c794b13f648296d3ce367aeee708348f0bcc597c3b1873e464fa66c05b213711.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: c794b13f648296d3ce367aeee708348f0bcc597c3b1873e464fa66c05b213711.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
Target: c794b13f648296d3ce367aeee708348f0bcc597c3b1873e464fa66c05b213711
Size: 4.3MB
MD5: 6e745bc9cd3a84bdc382adc72d3c5e1f
SHA1: d5034f29f210d80f0c863740091ee1aac11235d4
SHA256: c794b13f648296d3ce367aeee708348f0bcc597c3b1873e464fa66c05b213711
SHA512: 363b76b6585db33fba3e59963bf151f52e7b4a68cefc807d9fdfcfdc3d21fd1a487281f5c1af5edbb544419dc1d44620bf9b905b4a6d3b7155d7910ef5671c3e
SSDEEP: 6144:priTOeUceEZPVB18RdCqdomsKA6h/llz6MP86JQPDHDdx/Qtqx:khZdv8R0qRsKA69llz6gPJQPDHvd
Score: 10/10
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory