General
-
Target
47c724ea55ddc401dbebafea545d6ac7bb32ed2b82b1c12b7083882b5d814add
-
Size
2.1MB
-
Sample
221123-rrsxdshd24
-
MD5
35196950b0867c43806fa94079cab673
-
SHA1
2aba0a0a23a6cae9c39cffb822b57118215322f4
-
SHA256
47c724ea55ddc401dbebafea545d6ac7bb32ed2b82b1c12b7083882b5d814add
-
SHA512
ece02cc0170abbdb52c5ef98b4f124a4306d0a59fc2362144ed6974e9e76b89fdc782e47652b8daf9f3a3196cb7a6e4286c0bc7102cbc2858f2f40f03332abd2
-
SSDEEP
49152:PggbSSPtE48gHHZa75zWUuDLOH6rQLeVC:pZ8gZatWUuf46rsR
Malware Config
Extracted
http://galaint.statonlinekit.in/?0=127&1=0&2=1&3=95&4=i&5=7601&6=6&7=1&8=99600&9=1033&10=0&11=1111&12=hlftlipwpt&14=1
Targets
-
-
Target
47c724ea55ddc401dbebafea545d6ac7bb32ed2b82b1c12b7083882b5d814add
-
Size
2.1MB
-
MD5
35196950b0867c43806fa94079cab673
-
SHA1
2aba0a0a23a6cae9c39cffb822b57118215322f4
-
SHA256
47c724ea55ddc401dbebafea545d6ac7bb32ed2b82b1c12b7083882b5d814add
-
SHA512
ece02cc0170abbdb52c5ef98b4f124a4306d0a59fc2362144ed6974e9e76b89fdc782e47652b8daf9f3a3196cb7a6e4286c0bc7102cbc2858f2f40f03332abd2
-
SSDEEP
49152:PggbSSPtE48gHHZa75zWUuDLOH6rQLeVC:pZ8gZatWUuf46rsR
Score10/10-
UAC bypass
-
Disables taskbar notifications via registry modification
-
Executes dropped EXE
-
Sets file execution options in registry
-
Stops running service(s)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-