General
-
Target
082468775e71a0573a6d1b7b9707b223.exe
-
Size
186KB
-
Sample
221020-2esqzahdf3
-
MD5
082468775e71a0573a6d1b7b9707b223
-
SHA1
f505f7bf8fd71f4fd520734e97b2dcd0a0363ed0
-
SHA256
1931ee3bb9562721ab65d6643d51c2b37879ed3347c1e96a3d27865c8e3d355a
-
SHA512
f73109d944266e4be46a6829e3eb07fa7210b6a0f310e2a5d2a45955b780a223a5fc9b9a11cfe56eddc6b775dff9f181c6e3be8929c74475ec3e933039373079
-
SSDEEP
3072:PAUr6milNYXJb3r7lkKgy6bgXBA8Ug6JPaJHiTsPrcqZH2FZxzqY6FKVwgeYENV:4h7iXJb3f8RgbUJCAuH2FZRqY6FKVwgq
Malware Config
Targets
-
-
Target
082468775e71a0573a6d1b7b9707b223.exe
-
Size
186KB
-
MD5
082468775e71a0573a6d1b7b9707b223
-
SHA1
f505f7bf8fd71f4fd520734e97b2dcd0a0363ed0
-
SHA256
1931ee3bb9562721ab65d6643d51c2b37879ed3347c1e96a3d27865c8e3d355a
-
SHA512
f73109d944266e4be46a6829e3eb07fa7210b6a0f310e2a5d2a45955b780a223a5fc9b9a11cfe56eddc6b775dff9f181c6e3be8929c74475ec3e933039373079
-
SSDEEP
3072:PAUr6milNYXJb3r7lkKgy6bgXBA8Ug6JPaJHiTsPrcqZH2FZxzqY6FKVwgeYENV:4h7iXJb3f8RgbUJCAuH2FZRqY6FKVwgq
Score8/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-