General
-
Target
787924f9f1fc2ab829f494f33414da98849acf0484e3602448aec68abeb3e733
-
Size
1016KB
-
Sample
221029-x125baccel
-
MD5
523c87bf5018c5910e80db98fb470380
-
SHA1
57b16953d631c70acc2a0f6d03f648e18b65df4c
-
SHA256
787924f9f1fc2ab829f494f33414da98849acf0484e3602448aec68abeb3e733
-
SHA512
5dbff5bae2cf94045ebdb37c612a79852cfb0357827689b64d3bf547b3f736eeefcaa4e90d7f15b4955bee6d92ebbcb7ac16c1ece0df556fb1d09ea90b1b13e3
-
SSDEEP
6144:HIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUzx84a2lXUW:HIXsgtvm1De5YlOx6lzBH46Uzf7lXUW
Malware Config
Targets
-
-
Target
787924f9f1fc2ab829f494f33414da98849acf0484e3602448aec68abeb3e733
-
Size
1016KB
-
MD5
523c87bf5018c5910e80db98fb470380
-
SHA1
57b16953d631c70acc2a0f6d03f648e18b65df4c
-
SHA256
787924f9f1fc2ab829f494f33414da98849acf0484e3602448aec68abeb3e733
-
SHA512
5dbff5bae2cf94045ebdb37c612a79852cfb0357827689b64d3bf547b3f736eeefcaa4e90d7f15b4955bee6d92ebbcb7ac16c1ece0df556fb1d09ea90b1b13e3
-
SSDEEP
6144:HIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUzx84a2lXUW:HIXsgtvm1De5YlOx6lzBH46Uzf7lXUW
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-