General

Target: c96067e7f408c23a539960fcecec6fba3f289eac0be2aec8d8286d414b04d4d7
Size: 1.1MB
Sample: 221019-q6hjjaaee4
MD5: 90d2b4289bb9c296f2574738ebd743ae
SHA1: 902242356e42fd4299ca1b7fa90e52b96806d667
SHA256: c96067e7f408c23a539960fcecec6fba3f289eac0be2aec8d8286d414b04d4d7
SHA512: 48f01b1d86008e88d28a62ac211bcd3c9509685fc2f3a2bd27b23e63a3a84617066bffa2da9b21fe2550a9cd0c72db3f51a34247a13f14a03d3a53f85ce7b996
SSDEEP: 24576:KiM5uIshBc6ReEJwdQx5L9MFy75C7HMIPgfXKAiI:cuj06wdU9MZMlUI

Static task: static1

Behavioral task: behavioral1
Sample: c96067e7f408c23a539960fcecec6fba3f289eac0be2aec8d8286d414b04d4d7.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: c96067e7f408c23a539960fcecec6fba3f289eac0be2aec8d8286d414b04d4d7.exe
Resource: win10v2004-20220812-en

Malware Config
Targets

Target: c96067e7f408c23a539960fcecec6fba3f289eac0be2aec8d8286d414b04d4d7
Score: 10/10

Modifies WinLogon for persistence

Executes dropped EXE

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops startup file

Loads dropped DLL

Adds Run key to start application