General
-
Target
5ff6d4c6e029a7fa2586f6f82d5954fb39502949f78e250adc4547db249bcc0a
-
Size
336KB
-
Sample
221123-lnfj1abg74
-
MD5
baaa635f843f9759a5dd3829a92d72d5
-
SHA1
5eb12cc8673caad9c95c1768bde04d28b3b53fa2
-
SHA256
5ff6d4c6e029a7fa2586f6f82d5954fb39502949f78e250adc4547db249bcc0a
-
SHA512
dd5685f2d184e357246b7e5b41b5c23ca87caf7d205bd66b67796b6dc91d4c16cd652a9afdeaf9d6d45e8d20afba1cdbab59479bf40a032748e364bfa27c62bd
-
SSDEEP
3072:CxLgJ+ejdnp4Xk6gD7MDDMPAGawxxuhKYMNowDnyy5dPathmxZ5JTt9cRuP7d2Zu:Ci8qnE+YD0aguIZrPYuJhqR2x2sd6Dt
Malware Config
Targets
-
-
Target
5ff6d4c6e029a7fa2586f6f82d5954fb39502949f78e250adc4547db249bcc0a
-
Size
336KB
-
MD5
baaa635f843f9759a5dd3829a92d72d5
-
SHA1
5eb12cc8673caad9c95c1768bde04d28b3b53fa2
-
SHA256
5ff6d4c6e029a7fa2586f6f82d5954fb39502949f78e250adc4547db249bcc0a
-
SHA512
dd5685f2d184e357246b7e5b41b5c23ca87caf7d205bd66b67796b6dc91d4c16cd652a9afdeaf9d6d45e8d20afba1cdbab59479bf40a032748e364bfa27c62bd
-
SSDEEP
3072:CxLgJ+ejdnp4Xk6gD7MDDMPAGawxxuhKYMNowDnyy5dPathmxZ5JTt9cRuP7d2Zu:Ci8qnE+YD0aguIZrPYuJhqR2x2sd6Dt
Score8/10-
Adds policy Run key to start application
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-