General
-
Target
0d4fe71bdfe44fde20925ca41034ebd78b43bfbd67d574344514346306fc6290
-
Size
443KB
-
Sample
221123-scwv6sea4v
-
MD5
7598cb24b3020c97a7b0e8654587174c
-
SHA1
23745f493f9a526b35d62af167222697bab7d620
-
SHA256
0d4fe71bdfe44fde20925ca41034ebd78b43bfbd67d574344514346306fc6290
-
SHA512
8aa800fa8941df7bee69fbc2b898d29d70590f56da563506dc596e9585aa55893bd527d22b2f3f427cc58784952851be160fbcbcf00713c1c4f8b52f9d4f643d
-
SSDEEP
6144:OntqEO7D2lKYJ7kxwNoCfiwIuMXUBlK0ucNM+xu7sje9FoJ1t5hAOIERGft+:WHOiz7uwNoEiwYU7uoUP9Fo9AOI6Gf4
Malware Config
Targets
-
-
Target
0d4fe71bdfe44fde20925ca41034ebd78b43bfbd67d574344514346306fc6290
-
Size
443KB
-
MD5
7598cb24b3020c97a7b0e8654587174c
-
SHA1
23745f493f9a526b35d62af167222697bab7d620
-
SHA256
0d4fe71bdfe44fde20925ca41034ebd78b43bfbd67d574344514346306fc6290
-
SHA512
8aa800fa8941df7bee69fbc2b898d29d70590f56da563506dc596e9585aa55893bd527d22b2f3f427cc58784952851be160fbcbcf00713c1c4f8b52f9d4f643d
-
SSDEEP
6144:OntqEO7D2lKYJ7kxwNoCfiwIuMXUBlK0ucNM+xu7sje9FoJ1t5hAOIERGft+:WHOiz7uwNoEiwYU7uoUP9Fo9AOI6Gf4
Score10/10-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of SetThreadContext
-