General
-
Target
74fffac395ec26e3bee8dccee011a3215307fe43bb5a0cdf2c32e1328a3938a7
-
Size
1016KB
-
Sample
221107-dcwsvagbdr
-
MD5
088efce33e3437bcd86493a04a59ca50
-
SHA1
8534b1ad9da1994dc6a428d9e5d43bfa9542e6be
-
SHA256
74fffac395ec26e3bee8dccee011a3215307fe43bb5a0cdf2c32e1328a3938a7
-
SHA512
c467a54c3947951930080e972c9267dd00fc51216ed083a9ce09e3273d35d4ec20c749ed527d67c9314f45d727066ed281485e745759abda8eaa77c19080df94
-
SSDEEP
6144:wIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUPzo0zo:wIXsgtvm1De5YlOx6lzBH46UPzo0zo
Malware Config
Targets
-
-
Target
74fffac395ec26e3bee8dccee011a3215307fe43bb5a0cdf2c32e1328a3938a7
-
Size
1016KB
-
MD5
088efce33e3437bcd86493a04a59ca50
-
SHA1
8534b1ad9da1994dc6a428d9e5d43bfa9542e6be
-
SHA256
74fffac395ec26e3bee8dccee011a3215307fe43bb5a0cdf2c32e1328a3938a7
-
SHA512
c467a54c3947951930080e972c9267dd00fc51216ed083a9ce09e3273d35d4ec20c749ed527d67c9314f45d727066ed281485e745759abda8eaa77c19080df94
-
SSDEEP
6144:wIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUPzo0zo:wIXsgtvm1De5YlOx6lzBH46UPzo0zo
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-