General
-
Target
9a5e354c9dd58179d853334248d40b54822e2cf0fcef2f7db6a53ac98eae2627
-
Size
268KB
-
Sample
221123-sy3kvaff7z
-
MD5
6ccdf7345c429a1d9b4bdfb2df5f9295
-
SHA1
dad86d461c5f6a17229414c5dedabd5657f148b8
-
SHA256
9a5e354c9dd58179d853334248d40b54822e2cf0fcef2f7db6a53ac98eae2627
-
SHA512
40f4fa5935e9edee720a14ea5298813ce3d1fb02115f374078495f76d55f8617ba65e9134e2458b5cc269a452f9d0380adaef68230bc6f9467f3aa87652a3609
-
SSDEEP
6144:OvJ9gKQ0vKEP5/4D8QIPQYhp2G7Mvhwc/3LsPU3JBRQ:OvjByEPZ4AQBYzoBsPU3J3
Malware Config
Targets
-
-
Target
9a5e354c9dd58179d853334248d40b54822e2cf0fcef2f7db6a53ac98eae2627
-
Size
268KB
-
MD5
6ccdf7345c429a1d9b4bdfb2df5f9295
-
SHA1
dad86d461c5f6a17229414c5dedabd5657f148b8
-
SHA256
9a5e354c9dd58179d853334248d40b54822e2cf0fcef2f7db6a53ac98eae2627
-
SHA512
40f4fa5935e9edee720a14ea5298813ce3d1fb02115f374078495f76d55f8617ba65e9134e2458b5cc269a452f9d0380adaef68230bc6f9467f3aa87652a3609
-
SSDEEP
6144:OvJ9gKQ0vKEP5/4D8QIPQYhp2G7Mvhwc/3LsPU3JBRQ:OvjByEPZ4AQBYzoBsPU3J3
Score8/10-
Adds policy Run key to start application
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-