General
Target: 5824595e1c5daaa1f9ba0a7c757853608362368a2d772512e464e6fd9e57369f
Size: 508KB
Sample: 221030-kwp8qsdafp
MD5: 9387a892f5720d43802f485270193153
SHA1: 611216c87cc7ce52abe7678de7d111b41c111a6e
SHA256: 5824595e1c5daaa1f9ba0a7c757853608362368a2d772512e464e6fd9e57369f
SHA512: 5438bce5a951ae89d10c6f1d2f31ad662493a36b235e2f521e99573bc0f9b85747dfabb20bfbae99f7e34ebb9b6966c6880810e789ab1c0ca673f1df80eacf26
SSDEEP: 6144:x3xV7htOfFiktSdWyKYAWFCbW7LYxLk+4MGT+N50cIXv+1coDdkozx3pypmlNH9J:x3xxPuFVtSdWJsuWXLGMvxsltRok/Gy
Static task: static1
Behavioral task: behavioral1
  Sample: 5824595e1c5daaa1f9ba0a7c757853608362368a2d772512e464e6fd9e57369f.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 5824595e1c5daaa1f9ba0a7c757853608362368a2d772512e464e6fd9e57369f.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 5824595e1c5daaa1f9ba0a7c757853608362368a2d772512e464e6fd9e57369f
Size: 508KB
MD5: 9387a892f5720d43802f485270193153
SHA1: 611216c87cc7ce52abe7678de7d111b41c111a6e
SHA256: 5824595e1c5daaa1f9ba0a7c757853608362368a2d772512e464e6fd9e57369f
SHA512: 5438bce5a951ae89d10c6f1d2f31ad662493a36b235e2f521e99573bc0f9b85747dfabb20bfbae99f7e34ebb9b6966c6880810e789ab1c0ca673f1df80eacf26
SSDEEP: 6144:x3xV7htOfFiktSdWyKYAWFCbW7LYxLk+4MGT+N50cIXv+1coDdkozx3pypmlNH9J:x3xxPuFVtSdWJsuWXLGMvxsltRok/Gy
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Traffic on the DNS port to servers other than the configured DNS servers was detected.
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
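The signatures above are rules applied to the sandbox's event log. As an added example that is not part of this report or of the sandbox's own signature code, the block below reproduces six of them (Winlogon persistence, Run key, Explorer hidden-file settings, the Geo\Nation country-code lookup, disk enumeration via the registry, and DNS-port traffic to non-configured resolvers) over a constructed event stream. The event dictionary shape, the resolver list and the sample events are assumptions made for this illustration; the registry paths are the standard Windows locations for each setting.

```python
# Added example, not code from the sandbox report: a minimal signature pass
# over a constructed event stream. Event schema, resolver list and sample
# events are assumptions for illustration only.

# Resolvers configured on the analysis VM (assumed).
CONFIGURED_DNS = {"10.0.0.2", "10.0.0.3"}

# Constructed sample events in a sandbox-like shape (not real telemetry).
SAMPLE_EVENTS = [
    {"type": "reg_set", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "value": "Shell", "data": r"explorer.exe,C:\Users\Public\svc.exe"},
    {"type": "reg_set", "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "svc", "data": r"C:\Users\Public\svc.exe"},
    {"type": "reg_set", "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "value": "Hidden", "data": "2"},
    {"type": "reg_query", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "reg_query", "key": r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum", "value": "0"},
    {"type": "net", "proto": "udp", "dst": "10.0.0.2", "port": 53},
    {"type": "net", "proto": "udp", "dst": "8.8.8.8", "port": 53},
    {"type": "net", "proto": "tcp", "dst": "203.0.113.7", "port": 443},
]

# Indicator paths, lower-cased because registry keys are case-insensitive.
WINLOGON_KEY = r"hklm\software\microsoft\windows nt\currentversion\winlogon"
RUN_KEY_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")
EXPLORER_ADVANCED = r"\currentversion\explorer\advanced"
GEO_KEY = r"hkcu\control panel\international\geo"
DISK_ENUM_KEY = r"hklm\system\currentcontrolset\services\disk\enum"


def sig_winlogon_persistence(events):
    """Writes to Winlogon Shell/Userinit, which run at every logon."""
    return [e for e in events if e["type"] == "reg_set"
            and e["key"].lower() == WINLOGON_KEY
            and e["value"].lower() in {"shell", "userinit"}]


def sig_run_key(events):
    """Any value written under a Run/RunOnce key (HKCU or HKLM)."""
    return [e for e in events if e["type"] == "reg_set"
            and e["key"].lower().endswith(RUN_KEY_SUFFIXES)]


def sig_hidden_files(events):
    """Explorer settings that control display of hidden/protected files."""
    return [e for e in events if e["type"] == "reg_set"
            and e["key"].lower().endswith(EXPLORER_ADVANCED)
            and e["value"].lower() in {"hidden", "showsuperhidden"}]


def sig_geofence_lookup(events):
    """Read of the configured country code (Geo, value Nation)."""
    return [e for e in events if e["type"] == "reg_query"
            and e["key"].lower() == GEO_KEY
            and e["value"].lower() == "nation"]


def sig_drive_enum(events):
    """Disk device enumeration via the registry, a common sandbox check."""
    return [e for e in events if e["type"] == "reg_query"
            and e["key"].lower() == DISK_ENUM_KEY]


def sig_unexpected_dns(events, configured=CONFIGURED_DNS):
    """Port-53 traffic to any host that is not a configured resolver."""
    return [e for e in events if e["type"] == "net"
            and e["port"] == 53 and e["dst"] not in configured]


SIGNATURES = {
    "Modifies WinLogon for persistence": sig_winlogon_persistence,
    "Adds Run key to start application": sig_run_key,
    "Modifies visibility of hidden/system files in Explorer": sig_hidden_files,
    "Checks computer location settings": sig_geofence_lookup,
    "Maps connected drives based on registry": sig_drive_enum,
    "Unexpected DNS network traffic destination": sig_unexpected_dns,
}


def run_signatures(events):
    """Return {signature name: matching events} for every signature that fired."""
    report = {}
    for name, rule in SIGNATURES.items():
        hits = rule(events)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in run_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {len(hits)} event(s)")
```

Note that the DNS rule is the one most worth tuning in practice: it fires on any port-53 destination outside the VM's resolver set, so a legitimate application using DNS-over-UDP to a public resolver would also match, which is exactly why the report phrases it as "unexpected" rather than "malicious".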