General
Target: 16691a026002980c1fac428610d73ca9638420d2e3fa79c8d1a8284388ee307b
Size: 2.6MB
Sample: 221110-x5srfadae7
MD5: c0827a7bd617a2fcd31a3d751152c2e0
SHA1: 2d58f48e54e1c54e7b63e7ba2c9f50323994242a
SHA256: 16691a026002980c1fac428610d73ca9638420d2e3fa79c8d1a8284388ee307b
SHA512: cbec23219a6084bc7226c5c86e34ecc17019224b1ccf55e35df899c50d896da358c7c2e1558f52aaf582f23520144b4541fb31c58e851251bed7dac364c09ad5
SSDEEP: 49152:Y00kMwfXeTG2JpMpukZ6obih7GQtMKc+l3s7RjE+SsZa:YJkduTG2JQdZ6nhYK1cu3
Static task: static1
Malware Config
Targets
Target: 16691a026002980c1fac428610d73ca9638420d2e3fa79c8d1a8284388ee307b
Size: 2.6MB
MD5: c0827a7bd617a2fcd31a3d751152c2e0
SHA1: 2d58f48e54e1c54e7b63e7ba2c9f50323994242a
SHA256: 16691a026002980c1fac428610d73ca9638420d2e3fa79c8d1a8284388ee307b
SHA512: cbec23219a6084bc7226c5c86e34ecc17019224b1ccf55e35df899c50d896da358c7c2e1558f52aaf582f23520144b4541fb31c58e851251bed7dac364c09ad5
SSDEEP: 49152:Y00kMwfXeTG2JpMpukZ6obih7GQtMKc+l3s7RjE+SsZa:YJkduTG2JQdZ6nhYK1cu3
- Modifies security service
- Drops file in Drivers directory
- Possible privilege escalation attempt
- Stops running service(s)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Modifies file permissions
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext