General
Target: ceff5f71fd2415e1239d2f11abf6afbae3eed41fc467fe534883e39176337ec1
Size: 352KB
Sample: 221029-hha6jseeg5
MD5: 25a3384a4e8d6b9b0f419f95ba9c236e
SHA1: 472b5eb7045bc8577ef96aff137ed94320007401
SHA256: ceff5f71fd2415e1239d2f11abf6afbae3eed41fc467fe534883e39176337ec1
SHA512: 65f9c3a057a65e85bff376eb2cdaeb09604f296ece98e7c4cfb0d22c6f9b679aab12ed148131efdc2cbfcfde6dc92762c096ccd39e072a47010c64465185c27d
SSDEEP: 6144:tkcIBh81qVuwMEWQsWoGHjt40BXqdhMwpH5V4A6ChkdVH0:tk5hBVuIr9H5413MwV4lC
Static task
static1

Behavioral task
behavioral1
Sample: ceff5f71fd2415e1239d2f11abf6afbae3eed41fc467fe534883e39176337ec1.exe
Resource: win7-20220812-en

Behavioral task
behavioral2
Sample: ceff5f71fd2415e1239d2f11abf6afbae3eed41fc467fe534883e39176337ec1.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: ceff5f71fd2415e1239d2f11abf6afbae3eed41fc467fe534883e39176337ec1
Size: 352KB
MD5: 25a3384a4e8d6b9b0f419f95ba9c236e
SHA1: 472b5eb7045bc8577ef96aff137ed94320007401
SHA256: ceff5f71fd2415e1239d2f11abf6afbae3eed41fc467fe534883e39176337ec1
SHA512: 65f9c3a057a65e85bff376eb2cdaeb09604f296ece98e7c4cfb0d22c6f9b679aab12ed148131efdc2cbfcfde6dc92762c096ccd39e072a47010c64465185c27d
SSDEEP: 6144:tkcIBh81qVuwMEWQsWoGHjt40BXqdhMwpH5V4A6ChkdVH0:tk5hBVuIr9H5413MwV4lC
Score: 10/10
Signatures
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
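The signatures above map onto a small set of Windows registry locations, which makes them easy to check on a suspect host. The script below is an added example and is not part of the sandbox report or the tool that produced it: it verifies that a file on disk is the reported sample (by SHA256), then inspects the Winlogon Shell/Userinit values, the Run and policy Run keys, the Geo\Nation value the location check reads, and the persisted firewall rule list. Everything it prints is a lead to examine, not a verdict; the stock default values it compares against, the regexes, and the choice of "user-writable path" directories are assumptions made for this example. SetThreadContext is a runtime behaviour (thread-context manipulation, typically used for process injection) and has no registry footprint, so it is not covered here. Requires PowerShell 4 or later for Get-FileHash; run elevated for the HKLM reads.

```powershell
# Added example: host checks for the behaviours listed in the report above.
# Not part of the report; defaults and heuristics below are this example's assumptions.
param(
    # Optional path of a file to compare against the report's SHA256
    [string]$SamplePath
)

# SHA256 taken from the report
$ReportSha256 = 'ceff5f71fd2415e1239d2f11abf6afbae3eed41fc467fe534883e39176337ec1'

# Confirm the file under investigation is the reported sample
function Test-SampleHash {
    param([string]$Path, [string]$Expected = $ReportSha256)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $h = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    return ($h -ieq $Expected)
}

# "Modifies WinLogon for persistence": Shell and Userinit should hold only the stock values
# (assumed defaults: explorer.exe and %SystemRoot%\system32\userinit.exe,)
function Get-WinlogonAnomalies {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $p = Get-ItemProperty -Path $key
    $findings = @()
    if ($p.Shell -and $p.Shell -ne 'explorer.exe') {
        $findings += "Winlogon\Shell = $($p.Shell)"
    }
    if ($p.Userinit -and $p.Userinit.TrimEnd(',') -ne "$env:SystemRoot\system32\userinit.exe") {
        $findings += "Winlogon\Userinit = $($p.Userinit)"
    }
    return $findings
}

# "Adds Run key" / "Adds policy Run key": list every autostart entry in the four locations
function Get-RunKeyEntries {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path -Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -like 'PS*') { continue }   # skip PSPath, PSParentPath, PSChildName, ...
            [pscustomobject]@{ Key = $k; Name = $name; Command = $props.$name }
        }
    }
}

# "Checks computer location settings": the GeoID the sample looks up before deciding to run
function Get-GeoSetting {
    $g = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    if ($g) { return $g.Nation }
}

# "Modifies Windows Firewall": persisted rules are stored as '|'-separated strings such as
# v2.x|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\...|Name=...
# Flag Allow rules whose App sits under a user-writable directory (heuristic, assumed here).
function Get-SuspiciousFirewallRules {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
    $props = Get-ItemProperty -Path $key
    foreach ($name in $props.PSObject.Properties.Name) {
        if ($name -like 'PS*') { continue }
        $rule = [string]$props.$name
        if (($rule -match 'Action=Allow') -and ($rule -match 'App=([^|]+)')) {
            $app = $matches[1]
            if ($app -match '\\Users\\|\\ProgramData\\|\\Temp\\|AppData') {
                [pscustomobject]@{ Name = $name; App = $app; Rule = $rule }
            }
        }
    }
}

if ($SamplePath) { "Sample matches report SHA256: $(Test-SampleHash -Path $SamplePath)" }
'--- Winlogon anomalies ---';                 Get-WinlogonAnomalies
'--- Run / policy Run entries ---';           Get-RunKeyEntries | Format-Table -AutoSize
'--- Geo\Nation (GeoID) ---';                 Get-GeoSetting
'--- Allow rules for user-writable paths ---'; Get-SuspiciousFirewallRules | Format-Table -AutoSize
```

Usage: `.\Check-Host.ps1 -SamplePath C:\cases\sample.exe` (script name assumed). The Winlogon comparison is deliberately strict: any extra executable appended to Shell or Userinit is exactly the technique the first signature describes, so a non-default value is worth reading in full rather than filtering. On the win7 resource used by behavioral1 the `Get-NetFirewallRule` cmdlet is unavailable, which is why the firewall check reads the registry directly; the same key is present on the win10 resource.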