General
-
Target
8407ab2591d371370f231412e00331ecd204fd430d68a1c587d0b3069a8b8371
-
Size
488KB
-
Sample
221020-a397dafdb2
-
MD5
914615fe6fbdda4e5b1c3fd8cba3a9d0
-
SHA1
11d52e3425716a9ea03bf48c8f8ffce65d1e0c7f
-
SHA256
8407ab2591d371370f231412e00331ecd204fd430d68a1c587d0b3069a8b8371
-
SHA512
6292c407d8c051a3a0b48278ef5edab803b9f80ec2d45e495c17b1ff0cc58d039988644be9426f0d17bd3aecb528243d511cf06e235899883782167f58c783c2
-
SSDEEP
12288:p2iwn/ND7S3xI66S/H3UyKxWn2hJ+MRmhhhqy:p213Sed0Xjh1
Malware Config
Targets
-
-
Target
8407ab2591d371370f231412e00331ecd204fd430d68a1c587d0b3069a8b8371
-
Size
488KB
-
MD5
914615fe6fbdda4e5b1c3fd8cba3a9d0
-
SHA1
11d52e3425716a9ea03bf48c8f8ffce65d1e0c7f
-
SHA256
8407ab2591d371370f231412e00331ecd204fd430d68a1c587d0b3069a8b8371
-
SHA512
6292c407d8c051a3a0b48278ef5edab803b9f80ec2d45e495c17b1ff0cc58d039988644be9426f0d17bd3aecb528243d511cf06e235899883782167f58c783c2
-
SSDEEP
12288:p2iwn/ND7S3xI66S/H3UyKxWn2hJ+MRmhhhqy:p213Sed0Xjh1
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-