General
Target: 84dfb6ad0685f7f848809234fe60ccc24be0b52a5fd16435fe1c51f347e283a7
Size: 100KB
Sample: 221121-vm1yzsae47
MD5: 34f1b11fcba6388c9522475d2456f0a0
SHA1: aba3388f8ab15143afd0b803eea5729ac9786d36
SHA256: 84dfb6ad0685f7f848809234fe60ccc24be0b52a5fd16435fe1c51f347e283a7
SHA512: 334881c1695943f2c377a10fd30aefd38aaa4a47112be2c4692aa3d8b696ca4610bb73e209113beb78017c01d30ae4370f772bcd0765a84b51beb091a1112513
SSDEEP: 3072:F47excGxFLPkH9SnbZDaJQXIWDvg8v+VwV6PYt+ssPVJ/e1:F+eGYtPk0Z+JQXzLg8v+VGkXFe1
Static task: static1
Behavioral task: behavioral1
  Sample: PHOTO-DEVOCHKA.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: PHOTO-DEVOCHKA.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
Target: PHOTO-DEVOCHKA.exe
Size: 151KB
MD5: 671de3f3bbe598bd82e71b7a6eb5dea1
SHA1: eec94475956b4780a2e8442c421dde864a53f808
SHA256: f59766c94a34985d9005e28371a376ad6da603bcd671009a723981732226da6e
SHA512: f8532f3a3b6d1178ea9a0ccbb5fe34ee59e24287c47eb4e178ec01b4dcbe413e1f9ed50276520f972f60b1d28426eac449d7e5f48bab3014419842434314879b
SSDEEP: 3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hi4lLlgKgssPVJ/eu:AbXE9OiTGfhEClq9ypriFeu
Score: 8/10
Blocklisted process makes network request
Drops file in Drivers directory
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.