General
-
Target
ea976ec5491e8a718db5b3ff25ab04c23b8bebfe6126f24e1051b499c8eb14bf
-
Size
96KB
-
Sample
221106-seaqqagcg9
-
MD5
05cdad7a6fac67016658691447a38fe2
-
SHA1
114fa119fec8e026e5917078f533cf2d62883d78
-
SHA256
ea976ec5491e8a718db5b3ff25ab04c23b8bebfe6126f24e1051b499c8eb14bf
-
SHA512
58f2119a63d1a2cade001b7d6f3cf28adde0a9078242161f06aacec4502cd37adffcd9b663fa86e490124f15cdeb440f097b719c16ac5273894bcda0ab7128f8
-
SSDEEP
1536:loo9yBTMG4lc5cfM0I2YSRLhCDe4AcsWZWnVGHCGFs1fyqP/kw0sS7jlF:l1+MG2EaMd2YS7C7Al7WBs1fyXw0fvl
Malware Config
Targets
-
-
Target
ea976ec5491e8a718db5b3ff25ab04c23b8bebfe6126f24e1051b499c8eb14bf
-
Size
96KB
-
MD5
05cdad7a6fac67016658691447a38fe2
-
SHA1
114fa119fec8e026e5917078f533cf2d62883d78
-
SHA256
ea976ec5491e8a718db5b3ff25ab04c23b8bebfe6126f24e1051b499c8eb14bf
-
SHA512
58f2119a63d1a2cade001b7d6f3cf28adde0a9078242161f06aacec4502cd37adffcd9b663fa86e490124f15cdeb440f097b719c16ac5273894bcda0ab7128f8
-
SSDEEP
1536:loo9yBTMG4lc5cfM0I2YSRLhCDe4AcsWZWnVGHCGFs1fyqP/kw0sS7jlF:l1+MG2EaMd2YS7C7Al7WBs1fyXw0fvl
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-