General
-
Target
17bffdc7caa0f9f12900cbcdb322880c952cd1b39039db00b04e32af77169fd9
-
Size
512KB
-
Sample
221030-wjtk6scff6
-
MD5
82fd0018bb2441cfc589124168472840
-
SHA1
c389e4cd7981f7236f19f357f5ba61901d52dc37
-
SHA256
17bffdc7caa0f9f12900cbcdb322880c952cd1b39039db00b04e32af77169fd9
-
SHA512
bbe2e63c6e60ef81492458589b0f828fae7790d0ef3b8d9719ea7cf392f0e0da7034ac3c0662273513954d2979181cb31d2cba74a42736505aafaa26d3ab12ff
-
SSDEEP
6144:0c47HpZ9ELuQN28GWqDfKCmxS1h8sF5/x:jKpcLuQpgDf+xKh8Kp
Malware Config
Targets
-
-
Target
17bffdc7caa0f9f12900cbcdb322880c952cd1b39039db00b04e32af77169fd9
-
Size
512KB
-
MD5
82fd0018bb2441cfc589124168472840
-
SHA1
c389e4cd7981f7236f19f357f5ba61901d52dc37
-
SHA256
17bffdc7caa0f9f12900cbcdb322880c952cd1b39039db00b04e32af77169fd9
-
SHA512
bbe2e63c6e60ef81492458589b0f828fae7790d0ef3b8d9719ea7cf392f0e0da7034ac3c0662273513954d2979181cb31d2cba74a42736505aafaa26d3ab12ff
-
SSDEEP
6144:0c47HpZ9ELuQN28GWqDfKCmxS1h8sF5/x:jKpcLuQpgDf+xKh8Kp
Score10/10-
UAC bypass
-
Executes dropped EXE
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies file permissions
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-