General
-
Target
59aa69a43d2e35b7e2a96a334efa9bfdda0143fc26420c587875076649706b3f
-
Size
1016KB
-
Sample
221121-tfydvage78
-
MD5
10fc8a777bb2e73925f67e9dcc83b700
-
SHA1
4c9b1d19d3e64a3e356e609a97629ee4b0827ce7
-
SHA256
59aa69a43d2e35b7e2a96a334efa9bfdda0143fc26420c587875076649706b3f
-
SHA512
f3da6524272e9f103cfc91b837650446d5f5bdcb828fd515e70c5f43b033d617d2f54a82051f129d6b96292f07216b8c254bbf8b29f1ae61ddbc3477ef35a6bc
-
SSDEEP
6144:eIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUry:eIXsgtvm1De5YlOx6lzBH46Ury
Malware Config
Targets
-
-
Target
59aa69a43d2e35b7e2a96a334efa9bfdda0143fc26420c587875076649706b3f
-
Size
1016KB
-
MD5
10fc8a777bb2e73925f67e9dcc83b700
-
SHA1
4c9b1d19d3e64a3e356e609a97629ee4b0827ce7
-
SHA256
59aa69a43d2e35b7e2a96a334efa9bfdda0143fc26420c587875076649706b3f
-
SHA512
f3da6524272e9f103cfc91b837650446d5f5bdcb828fd515e70c5f43b033d617d2f54a82051f129d6b96292f07216b8c254bbf8b29f1ae61ddbc3477ef35a6bc
-
SSDEEP
6144:eIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUry:eIXsgtvm1De5YlOx6lzBH46Ury
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-