General
-
Target
f00b42b1887124d38525ae30c549e1a23ce24ac730219fe0b96cd4ac67ce1f6a
-
Size
171KB
-
Sample
221107-z172nshgc2
-
MD5
0fc4659a59d0fa17bff47f0cb5a94db8
-
SHA1
4780f431b2f6bdcc47812312ca10c1b3c8edfa87
-
SHA256
f00b42b1887124d38525ae30c549e1a23ce24ac730219fe0b96cd4ac67ce1f6a
-
SHA512
a3f64f4055a4cd2cd2d0e02309e044152848a526bf1b3927e08a07f872e19a584b071a486f7a4b327927a2eb16cbfbde36f3cf08914c298bbdfcbe7117e9b209
-
SSDEEP
3072:+/iF5m7PtlxiDV6sy+7BTQC745AypubN6dndDuPX9vqhL9bv1aVQXvBfTS:j5m9iDVrEV5AyAN6XoXNqhxb1LpLS
Malware Config
Targets
-
-
Target
f00b42b1887124d38525ae30c549e1a23ce24ac730219fe0b96cd4ac67ce1f6a
-
Size
171KB
-
MD5
0fc4659a59d0fa17bff47f0cb5a94db8
-
SHA1
4780f431b2f6bdcc47812312ca10c1b3c8edfa87
-
SHA256
f00b42b1887124d38525ae30c549e1a23ce24ac730219fe0b96cd4ac67ce1f6a
-
SHA512
a3f64f4055a4cd2cd2d0e02309e044152848a526bf1b3927e08a07f872e19a584b071a486f7a4b327927a2eb16cbfbde36f3cf08914c298bbdfcbe7117e9b209
-
SSDEEP
3072:+/iF5m7PtlxiDV6sy+7BTQC745AypubN6dndDuPX9vqhL9bv1aVQXvBfTS:j5m9iDVrEV5AyAN6XoXNqhxb1LpLS
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-