General
-
Target
imyfone-anyto_setup.exe
-
Size
2.5MB
-
Sample
221018-t98rnsgeb3
-
MD5
16150d3146cfa973d78ccd0a34de53b9
-
SHA1
a262cb1ab3bd11e745d423226a5a1e85759cd129
-
SHA256
0d7d947595a574950992da84bca7ce19270adae8bb86e56707353631ffccc23e
-
SHA512
0730032c204183dc9f936612ac2b3f17ee1165b9187ec4a3b52b8fc1056d617bca77c44afa8bdf69d42ddc0680e87951f9c73d07b5c7ebde69cd95483c9df04b
-
SSDEEP
49152:OsfiCWc55Egj9Xx5wdDhs1C2/Rct+kGFzpyatlHHfhfmPjQ6MR:OAiCWc5+g52MEtCNJ5+jQL
Malware Config
Targets
-
-
Target
imyfone-anyto_setup.exe
-
Size
2.5MB
-
MD5
16150d3146cfa973d78ccd0a34de53b9
-
SHA1
a262cb1ab3bd11e745d423226a5a1e85759cd129
-
SHA256
0d7d947595a574950992da84bca7ce19270adae8bb86e56707353631ffccc23e
-
SHA512
0730032c204183dc9f936612ac2b3f17ee1165b9187ec4a3b52b8fc1056d617bca77c44afa8bdf69d42ddc0680e87951f9c73d07b5c7ebde69cd95483c9df04b
-
SSDEEP
49152:OsfiCWc55Egj9Xx5wdDhs1C2/Rct+kGFzpyatlHHfhfmPjQ6MR:OAiCWc5+g52MEtCNJ5+jQL
Score10/10-
Modifies firewall policy service
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Registers COM server for autorun
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-