General
-
Target
33387ca8112dca7ff4f4f7be05132bf37ea9a66eaafa0a63a1d64ed896dbb4fb
-
Size
930KB
-
Sample
221123-rzttnach5t
-
MD5
dae2f720e349ccb835a278d1bec03060
-
SHA1
fe2c4a608a250a9d4552ffd23c65bdb53da45dd1
-
SHA256
33387ca8112dca7ff4f4f7be05132bf37ea9a66eaafa0a63a1d64ed896dbb4fb
-
SHA512
ca43c5337714aa024992084c12e10ba2db800a68b1a6be0b1d82d0a29a38fd2ae8fc4bf028395b09bc30f4caae4b8eefc629cfb25e4208b24bdfc9f265fad581
-
SSDEEP
24576:9JRrskqKo1FQa8TE6uYTLF70JfyNBNEeqjUnhRQY:9JF5qKo1F36EXihOyNB25Ug
Malware Config
Targets
-
-
Target
33387ca8112dca7ff4f4f7be05132bf37ea9a66eaafa0a63a1d64ed896dbb4fb
-
Size
930KB
-
MD5
dae2f720e349ccb835a278d1bec03060
-
SHA1
fe2c4a608a250a9d4552ffd23c65bdb53da45dd1
-
SHA256
33387ca8112dca7ff4f4f7be05132bf37ea9a66eaafa0a63a1d64ed896dbb4fb
-
SHA512
ca43c5337714aa024992084c12e10ba2db800a68b1a6be0b1d82d0a29a38fd2ae8fc4bf028395b09bc30f4caae4b8eefc629cfb25e4208b24bdfc9f265fad581
-
SSDEEP
24576:9JRrskqKo1FQa8TE6uYTLF70JfyNBNEeqjUnhRQY:9JF5qKo1F36EXihOyNB25Ug
Score8/10-
Adds policy Run key to start application
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-