General
Target: cfbb106b583c0893c602fb4e578172f69a712db9fb31c0ef5baa4cc9d9967516
Size: 292KB
Sample: 221029-w9ymtaahdr
MD5: 84134e81eed0e7a6bff2ebafaa9f1080
SHA1: 5b1d41b4d8404cb578942b7e44e3a43e145f0153
SHA256: cfbb106b583c0893c602fb4e578172f69a712db9fb31c0ef5baa4cc9d9967516
SHA512: 0b65aefb7ab9b88378e414b86ce7bd0742a4941ca007417c2863892505935816dec481011481522b040419fd18ede729d242eaa3a0766fbe681f6e60b1d0cc30
SSDEEP: 6144:DVNxf01ziLoxnFVBIKbxIW6ZBk27xxl9C6Ya:hNxf01zikxn+KbxibB7xf9v
Static task: static1
Behavioral task: behavioral1
Sample: cfbb106b583c0893c602fb4e578172f69a712db9fb31c0ef5baa4cc9d9967516.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: cfbb106b583c0893c602fb4e578172f69a712db9fb31c0ef5baa4cc9d9967516.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target
cfbb106b583c0893c602fb4e578172f69a712db9fb31c0ef5baa4cc9d9967516
Score: 8/10
Modifies Installed Components in the registry
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Drops file in System32 directory
Suspicious use of SetThreadContext