General
-
Target
49b2cbb64440101fa6b838082a1ce986fe4bd1869069aef5f83167fad5f456c8
-
Size
124KB
-
Sample
221123-lppt3afd2x
-
MD5
70d24101bbf1b1c0586eda8cb43b0b86
-
SHA1
05b7f3c58ddee28044006efb66020597a7d52c36
-
SHA256
49b2cbb64440101fa6b838082a1ce986fe4bd1869069aef5f83167fad5f456c8
-
SHA512
b2d4f60dd2999d8fa739a89ed08ed2fc9f3946647667d72960c0b0c9a5ca91aa803641d7961372726e6faaeb853ff9b95df1f473afe771ff8a38748364d2e569
-
SSDEEP
3072:ZlLfBpLN3a1P4eSZWWGNBrGnrKB+3s/s1Ic44g1j0JPuG:TBX24eSjGncrXCSIc
Malware Config
Targets
-
-
Target
49b2cbb64440101fa6b838082a1ce986fe4bd1869069aef5f83167fad5f456c8
-
Size
124KB
-
MD5
70d24101bbf1b1c0586eda8cb43b0b86
-
SHA1
05b7f3c58ddee28044006efb66020597a7d52c36
-
SHA256
49b2cbb64440101fa6b838082a1ce986fe4bd1869069aef5f83167fad5f456c8
-
SHA512
b2d4f60dd2999d8fa739a89ed08ed2fc9f3946647667d72960c0b0c9a5ca91aa803641d7961372726e6faaeb853ff9b95df1f473afe771ff8a38748364d2e569
-
SSDEEP
3072:ZlLfBpLN3a1P4eSZWWGNBrGnrKB+3s/s1Ic44g1j0JPuG:TBX24eSjGncrXCSIc
Score10/10-
UAC bypass
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-