General
-
Target
3149ea07eb8cdb88a0e40b403b924414d079fa80ba3bf99e3c32ed54ac74bfcd
-
Size
360KB
-
Sample
221123-r1kx5sch9s
-
MD5
3108db8b571e4e9ab936f987687356c6
-
SHA1
b19d6c7ff9a62f070708c3a2cdece6cf56d4f152
-
SHA256
3149ea07eb8cdb88a0e40b403b924414d079fa80ba3bf99e3c32ed54ac74bfcd
-
SHA512
17bf722f145dc74db3dd6f4127dcf5f94828fda93532b1bc44480aa6941300ee20d24e3323e21a728445a20b9d676f7565f2c08f0488291aed369392ac3d2765
-
SSDEEP
6144:NllKyqL6eabhTG9myTZeXojfBmHc2pOjThMlqesmOM7Pprl4bbNFqeQTA1cHxL6:NllfbVHceXEQpOjkqbmOM1rlibNzQs1U
Malware Config
Targets
-
-
Target
3149ea07eb8cdb88a0e40b403b924414d079fa80ba3bf99e3c32ed54ac74bfcd
-
Size
360KB
-
MD5
3108db8b571e4e9ab936f987687356c6
-
SHA1
b19d6c7ff9a62f070708c3a2cdece6cf56d4f152
-
SHA256
3149ea07eb8cdb88a0e40b403b924414d079fa80ba3bf99e3c32ed54ac74bfcd
-
SHA512
17bf722f145dc74db3dd6f4127dcf5f94828fda93532b1bc44480aa6941300ee20d24e3323e21a728445a20b9d676f7565f2c08f0488291aed369392ac3d2765
-
SSDEEP
6144:NllKyqL6eabhTG9myTZeXojfBmHc2pOjThMlqesmOM7Pprl4bbNFqeQTA1cHxL6:NllfbVHceXEQpOjkqbmOM1rlibNzQs1U
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-