General
-
Target
814fdda61cc34272ae3efcca2678ba05da8ac69a1837d2a161cb43fcc680b42d
-
Size
1016KB
-
Sample
221020-f8ycnafhgn
-
MD5
80a5e49ebb4fa82b3bf8a6727a91b1a0
-
SHA1
5e09bcc9fe4bd04d67587776e459fd61c5502f72
-
SHA256
814fdda61cc34272ae3efcca2678ba05da8ac69a1837d2a161cb43fcc680b42d
-
SHA512
73072184adad7d11bb32c7b65ae8e37b1899a97227c395c028537fcf229e0aff4ea2a3cc2859b85ae1f3b340a681e6c36aa2809547b550497a684c16711ecb0e
-
SSDEEP
12288:RIXsgtvm1De5YlOx6lzBH46UQlgMI1MM:RU81yMBbVlgMI1MM
Malware Config
Targets
-
-
Target
814fdda61cc34272ae3efcca2678ba05da8ac69a1837d2a161cb43fcc680b42d
-
Size
1016KB
-
MD5
80a5e49ebb4fa82b3bf8a6727a91b1a0
-
SHA1
5e09bcc9fe4bd04d67587776e459fd61c5502f72
-
SHA256
814fdda61cc34272ae3efcca2678ba05da8ac69a1837d2a161cb43fcc680b42d
-
SHA512
73072184adad7d11bb32c7b65ae8e37b1899a97227c395c028537fcf229e0aff4ea2a3cc2859b85ae1f3b340a681e6c36aa2809547b550497a684c16711ecb0e
-
SSDEEP
12288:RIXsgtvm1De5YlOx6lzBH46UQlgMI1MM:RU81yMBbVlgMI1MM
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-