General
-
Target
f650c1c00b35d1e55d8b975578424fab32c7feeacae6503aaa2fbf350bdfb24d
-
Size
556KB
-
Sample
221107-ke3shaadhj
-
MD5
04baf571ca0fa1f19fca9fb7275b4800
-
SHA1
052e16d714c18121c63b184ffd9c38cf7e8db98b
-
SHA256
f650c1c00b35d1e55d8b975578424fab32c7feeacae6503aaa2fbf350bdfb24d
-
SHA512
cd1135104e8d9ea7f07793f816631c3559a6a8112a8ad8c1188bd961979b56036262a4f51bb0dd5b9b3dd637d28e65b374409a7f80eedde8f8c887f74a33aaec
-
SSDEEP
12288:zgkDxdkL+6JNgKVcRa+fpHyWs3OBH4pUsTx5KEZh:vxsKXa+hHyWseBgnh
Malware Config
Targets
-
-
Target
f650c1c00b35d1e55d8b975578424fab32c7feeacae6503aaa2fbf350bdfb24d
-
Size
556KB
-
MD5
04baf571ca0fa1f19fca9fb7275b4800
-
SHA1
052e16d714c18121c63b184ffd9c38cf7e8db98b
-
SHA256
f650c1c00b35d1e55d8b975578424fab32c7feeacae6503aaa2fbf350bdfb24d
-
SHA512
cd1135104e8d9ea7f07793f816631c3559a6a8112a8ad8c1188bd961979b56036262a4f51bb0dd5b9b3dd637d28e65b374409a7f80eedde8f8c887f74a33aaec
-
SSDEEP
12288:zgkDxdkL+6JNgKVcRa+fpHyWs3OBH4pUsTx5KEZh:vxsKXa+hHyWseBgnh
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-