General
-
Target
d43f4310b033e867cf15dbe958cf5c515b1985b9101eef5fb0af7698f3d959c5
-
Size
128KB
-
Sample
221123-lp1xbsbh84
-
MD5
98ca98af6e716cb5a6bfff5cebc1e9b4
-
SHA1
45b5b309ee779a139fb5ec86f1785a0c1962903a
-
SHA256
d43f4310b033e867cf15dbe958cf5c515b1985b9101eef5fb0af7698f3d959c5
-
SHA512
0e78721183993822a68669a2e29fd015f98e41a6cc38154c1b774cdba28d586c4003dc8db27e2dbab6793868415d3d00c06002fe0d16bef2ea23f01684ed37b7
-
SSDEEP
3072:vhlM6ftRbpsd/D6/tTkM2QjBiebMRIFHVE6+o/WdWKXkYiRwbiC:NLMYP/gWKXk
Malware Config
Targets
-
-
Target
d43f4310b033e867cf15dbe958cf5c515b1985b9101eef5fb0af7698f3d959c5
-
Size
128KB
-
MD5
98ca98af6e716cb5a6bfff5cebc1e9b4
-
SHA1
45b5b309ee779a139fb5ec86f1785a0c1962903a
-
SHA256
d43f4310b033e867cf15dbe958cf5c515b1985b9101eef5fb0af7698f3d959c5
-
SHA512
0e78721183993822a68669a2e29fd015f98e41a6cc38154c1b774cdba28d586c4003dc8db27e2dbab6793868415d3d00c06002fe0d16bef2ea23f01684ed37b7
-
SSDEEP
3072:vhlM6ftRbpsd/D6/tTkM2QjBiebMRIFHVE6+o/WdWKXkYiRwbiC:NLMYP/gWKXk
Score10/10-
UAC bypass
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-