General
-
Target
4e89a25216b33984572983e8c59c3bb71f8590eb66b96d10ecd3a011e2bde7a3
-
Size
148KB
-
Sample
221020-rxh95shhf9
-
MD5
8027844bd77a04a9a3becab36f428c8e
-
SHA1
3b236297590f48d9eb8fa44b954b442f67d954cb
-
SHA256
4e89a25216b33984572983e8c59c3bb71f8590eb66b96d10ecd3a011e2bde7a3
-
SHA512
ae25bcdefa00f22512e1acf99cd3db1975c06361b15ef8d803c6c4f7a53dcce66433f00a2ea9a62bb30be67262ecdf9da05d3315aa1c3fd65d1f90b94eda4753
-
SSDEEP
1536:MBbqw7uttZVBvqFAa/1SyncmbHC1Ak2byBdcEJTt/MxMpwbXeGDtoEjAzTtkhGoA:9VRU1/8ycI6Ak2bcKENOGObHBoE6+av
Malware Config
Targets
-
-
Target
4e89a25216b33984572983e8c59c3bb71f8590eb66b96d10ecd3a011e2bde7a3
-
Size
148KB
-
MD5
8027844bd77a04a9a3becab36f428c8e
-
SHA1
3b236297590f48d9eb8fa44b954b442f67d954cb
-
SHA256
4e89a25216b33984572983e8c59c3bb71f8590eb66b96d10ecd3a011e2bde7a3
-
SHA512
ae25bcdefa00f22512e1acf99cd3db1975c06361b15ef8d803c6c4f7a53dcce66433f00a2ea9a62bb30be67262ecdf9da05d3315aa1c3fd65d1f90b94eda4753
-
SSDEEP
1536:MBbqw7uttZVBvqFAa/1SyncmbHC1Ak2byBdcEJTt/MxMpwbXeGDtoEjAzTtkhGoA:9VRU1/8ycI6Ak2bcKENOGObHBoE6+av
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-