General
-
Target
caae72a918fd4ee10d71445a4d09355b116de4247b37159d1607d2bf5e49883b
-
Size
419KB
-
Sample
221107-gasvysagc9
-
MD5
0c85f8e37afb7b1bf85ad3d38746ec90
-
SHA1
b725e2e59964812866eb92cfef09fe5bef3f6d93
-
SHA256
caae72a918fd4ee10d71445a4d09355b116de4247b37159d1607d2bf5e49883b
-
SHA512
e87e42c8664681d2b9d5abe899466486635ad6a799fd0632e43b4428a700d3cca45869b04a71f53c1bbf63b9411cab4a626b7b91773f7317e4cb489aa2451e53
-
SSDEEP
12288:1g2MA3Mw3Ewq/4QhSQTS7jb90EFwDviaPAm:F33v3EwVQmykqiaPP
Malware Config
Targets
-
-
Target
caae72a918fd4ee10d71445a4d09355b116de4247b37159d1607d2bf5e49883b
-
Size
419KB
-
MD5
0c85f8e37afb7b1bf85ad3d38746ec90
-
SHA1
b725e2e59964812866eb92cfef09fe5bef3f6d93
-
SHA256
caae72a918fd4ee10d71445a4d09355b116de4247b37159d1607d2bf5e49883b
-
SHA512
e87e42c8664681d2b9d5abe899466486635ad6a799fd0632e43b4428a700d3cca45869b04a71f53c1bbf63b9411cab4a626b7b91773f7317e4cb489aa2451e53
-
SSDEEP
12288:1g2MA3Mw3Ewq/4QhSQTS7jb90EFwDviaPAm:F33v3EwVQmykqiaPP
Score8/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-