General
-
Target
f7e8dd116279e1dc26a87d485293de70c1bb87ced53b06d254c9f1bc7bab1f81
-
Size
700KB
-
Sample
221123-lwjxdsfg9x
-
MD5
4d54b1b6b2eca2398045edc72ad2584c
-
SHA1
930452dfa938fba49346086d137c653ad0919f04
-
SHA256
f7e8dd116279e1dc26a87d485293de70c1bb87ced53b06d254c9f1bc7bab1f81
-
SHA512
719c4d09b16ca13eb2e167db1f968db9b7c6f85e165834215557adc2c3924eb073d2a2c427243bf148927a00c6db131ca486022a00388c6c5b6ee18c763f8b9d
-
SSDEEP
12288:dM9YxCEHsfcdN9l7IpcD9fR1f36tv4g8PcOUBimJl7CyZv6Xi:aEBsUT9JP8w7ECyZvk
Malware Config
Targets
-
-
Target
f7e8dd116279e1dc26a87d485293de70c1bb87ced53b06d254c9f1bc7bab1f81
-
Size
700KB
-
MD5
4d54b1b6b2eca2398045edc72ad2584c
-
SHA1
930452dfa938fba49346086d137c653ad0919f04
-
SHA256
f7e8dd116279e1dc26a87d485293de70c1bb87ced53b06d254c9f1bc7bab1f81
-
SHA512
719c4d09b16ca13eb2e167db1f968db9b7c6f85e165834215557adc2c3924eb073d2a2c427243bf148927a00c6db131ca486022a00388c6c5b6ee18c763f8b9d
-
SSDEEP
12288:dM9YxCEHsfcdN9l7IpcD9fR1f36tv4g8PcOUBimJl7CyZv6Xi:aEBsUT9JP8w7ECyZvk
Score10/10-
UAC bypass
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-