General
Target: 6ed222056c77a040d7efc411380ebc607a089181b11a126a11eefbc64b0b3e28
Size: 2.6MB
Sample: 221113-r3s2jabd28
MD5: b5d020046c84c4cc22ce979dce7b53bf
SHA1: a76f5ea5ab510492f4e322fece1e826c16955045
SHA256: 6ed222056c77a040d7efc411380ebc607a089181b11a126a11eefbc64b0b3e28
SHA512: a834168b2e9475265b7f1b44d1606570119deaa0bd6bd5dbc36e9b7beb015393d03fecdad8e0fd15364c3fc004173f55a307e81623e651aab5c191fd3f929b2d
SSDEEP: 49152:u+3fG3P8gy3i7wyLsdPPHMCsh8b1wvFCysv6uuCZxfllJjM3KL6hU0A7vO4GIdED:u+u0gy3McPHRsVkysNuAlM3+nvSIdED
Static task: static1
Malware Config
Targets
Target: 6ed222056c77a040d7efc411380ebc607a089181b11a126a11eefbc64b0b3e28
Size: 2.6MB
MD5: b5d020046c84c4cc22ce979dce7b53bf
SHA1: a76f5ea5ab510492f4e322fece1e826c16955045
SHA256: 6ed222056c77a040d7efc411380ebc607a089181b11a126a11eefbc64b0b3e28
SHA512: a834168b2e9475265b7f1b44d1606570119deaa0bd6bd5dbc36e9b7beb015393d03fecdad8e0fd15364c3fc004173f55a307e81623e651aab5c191fd3f929b2d
SSDEEP: 49152:u+3fG3P8gy3i7wyLsdPPHMCsh8b1wvFCysv6uuCZxfllJjM3KL6hU0A7vO4GIdED:u+u0gy3McPHRsVkysNuAlM3+nvSIdED
- Modifies security service
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Modifies file permissions
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory