General
-
Target
7f54f866cb45a430e2d725b6998b710a6c71472f56e07aa50f043899a2962372
-
Size
1016KB
-
Sample
221021-dkhk7ahfe2
-
MD5
7b392c5d219968a687bbcd35f46a9840
-
SHA1
88352c30b47b8791ee0b6269c665f617dd8dd4e2
-
SHA256
7f54f866cb45a430e2d725b6998b710a6c71472f56e07aa50f043899a2962372
-
SHA512
b265c01b82bac0f7131bcdc60815c292e60b2a94a27aea6c67f66dca27c3b8c370258c3f5e6d45a8bf4be1929a1fc1b13541bca703a6ed7b09a7772089f06070
-
SSDEEP
6144:yIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUKz:yIXsgtvm1De5YlOx6lzBH46Us
Static task
static1
Behavioral task
behavioral1
Sample
7f54f866cb45a430e2d725b6998b710a6c71472f56e07aa50f043899a2962372.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
7f54f866cb45a430e2d725b6998b710a6c71472f56e07aa50f043899a2962372.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
7f54f866cb45a430e2d725b6998b710a6c71472f56e07aa50f043899a2962372
Score
10/10
-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-