General
-
Target
df57e36973a1779d33761fe867b4ebdb624f93bf62cc08e3770012fe00fe91c5
-
Size
244KB
-
Sample
221106-settlaaegn
-
MD5
057d69c9dee3ce01d65fc41bacd497b0
-
SHA1
72969be95142bcb5ae35821b5609ab76e9eedd16
-
SHA256
df57e36973a1779d33761fe867b4ebdb624f93bf62cc08e3770012fe00fe91c5
-
SHA512
12bd4e3e6903c0849c23f9a136d84922283f4163def39f9e18ce3710a71c5892275ae29f9e2653c36fc886701576c6dd7167a3d8cb0d7d15e448acc135f760fe
-
SSDEEP
6144:FySRXvYPaCFAHloZ7H8++/YfrLCPmmDISxLKA1fNUVvjBd4:FiPa4AHloZ7H8++/YfrLJmDISxLKApN5
Malware Config
Targets
-
-
Target
df57e36973a1779d33761fe867b4ebdb624f93bf62cc08e3770012fe00fe91c5
-
Size
244KB
-
MD5
057d69c9dee3ce01d65fc41bacd497b0
-
SHA1
72969be95142bcb5ae35821b5609ab76e9eedd16
-
SHA256
df57e36973a1779d33761fe867b4ebdb624f93bf62cc08e3770012fe00fe91c5
-
SHA512
12bd4e3e6903c0849c23f9a136d84922283f4163def39f9e18ce3710a71c5892275ae29f9e2653c36fc886701576c6dd7167a3d8cb0d7d15e448acc135f760fe
-
SSDEEP
6144:FySRXvYPaCFAHloZ7H8++/YfrLCPmmDISxLKA1fNUVvjBd4:FiPa4AHloZ7H8++/YfrLJmDISxLKApN5
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-