General
-
Target
630e93aa3fcbcb5f103db5022331170393f541843dee5fda6dfef4743dad0ab8
-
Size
160KB
-
Sample
221030-xnrg2seff8
-
MD5
826751f15ccb804edb4078f024618700
-
SHA1
7bd3e6b5543c00ca0006e71b25c20131d2e6b69b
-
SHA256
630e93aa3fcbcb5f103db5022331170393f541843dee5fda6dfef4743dad0ab8
-
SHA512
3d2a179b9b6828939aeebd2f88eb1fd1e0832624d42061e9868356e62087d9c28786980e9f9e765f72791e8ea9df29846ab2cca6f8a0dc1b2cd4cf3649d2c414
-
SSDEEP
1536:YJ5XVkS4XNwIY9lcaHmm0qinKvV1lfgAzjJXYQnnp69a+unVuN3FBTEr+5YU/mai:eVkYIhaHviKb5qcfnVuN3Fc+6UOM
Malware Config
Targets
-
-
Target
630e93aa3fcbcb5f103db5022331170393f541843dee5fda6dfef4743dad0ab8
-
Size
160KB
-
MD5
826751f15ccb804edb4078f024618700
-
SHA1
7bd3e6b5543c00ca0006e71b25c20131d2e6b69b
-
SHA256
630e93aa3fcbcb5f103db5022331170393f541843dee5fda6dfef4743dad0ab8
-
SHA512
3d2a179b9b6828939aeebd2f88eb1fd1e0832624d42061e9868356e62087d9c28786980e9f9e765f72791e8ea9df29846ab2cca6f8a0dc1b2cd4cf3649d2c414
-
SSDEEP
1536:YJ5XVkS4XNwIY9lcaHmm0qinKvV1lfgAzjJXYQnnp69a+unVuN3FBTEr+5YU/mai:eVkYIhaHviKb5qcfnVuN3Fc+6UOM
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-