General
-
Target
6819bca79d5d9598839e9dcfa1a12feb607e4d269a52b016949a9996c2598915.exe
-
Size
2.7MB
-
Sample
221115-medjqaga74
-
MD5
cff0e1b4af4ef5a2d4cb78ea5d403d58
-
SHA1
5224506ce265475452aeddf540f5f9b996f84bd6
-
SHA256
6819bca79d5d9598839e9dcfa1a12feb607e4d269a52b016949a9996c2598915
-
SHA512
55cfed7b7a95c71afd8191116f03829b8c51661cf1de035652e08b8ae4b8003f569ca6e198748167e626d17edb7012fe535aa08e8af2e09d2440880088fa2c40
-
SSDEEP
49152:YX9bvpxA+I4AY+a7xIrLlxJq5ZjoVrY4u0uXh/DP+P:2DnNExInjojwRK
Malware Config
Targets
-
-
Target
6819bca79d5d9598839e9dcfa1a12feb607e4d269a52b016949a9996c2598915.exe
-
Size
2.7MB
-
MD5
cff0e1b4af4ef5a2d4cb78ea5d403d58
-
SHA1
5224506ce265475452aeddf540f5f9b996f84bd6
-
SHA256
6819bca79d5d9598839e9dcfa1a12feb607e4d269a52b016949a9996c2598915
-
SHA512
55cfed7b7a95c71afd8191116f03829b8c51661cf1de035652e08b8ae4b8003f569ca6e198748167e626d17edb7012fe535aa08e8af2e09d2440880088fa2c40
-
SSDEEP
49152:YX9bvpxA+I4AY+a7xIrLlxJq5ZjoVrY4u0uXh/DP+P:2DnNExInjojwRK
Score10/10-
Modifies security service
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Possible privilege escalation attempt
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Modifies file permissions
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-