General
-
Target
9a360dee464cb9ca8934848c2ca84983e5c2b15421b485639110fc818b5a3edd
-
Size
84KB
-
Sample
221123-td291sgh3z
-
MD5
44545089402d4861a29eafae8fdad916
-
SHA1
a12266a6e2721b453bcfdb4dd5ad9b4685f574da
-
SHA256
9a360dee464cb9ca8934848c2ca84983e5c2b15421b485639110fc818b5a3edd
-
SHA512
b4e006c41a47f7255435bcec0a13e1f28300172a355e2be5f145f961ed881c3d1b712406c1a53e262acc6670aec9e5752f022defade7a3aeced14ce0cbe2071a
-
SSDEEP
1536:KnOnMKQF9H8JA9sThtLX5TH35edD0LE3C3Ib/:VM/FeJNhtLRXkW6C4
Malware Config
Targets
-
-
Target
9a360dee464cb9ca8934848c2ca84983e5c2b15421b485639110fc818b5a3edd
-
Size
84KB
-
MD5
44545089402d4861a29eafae8fdad916
-
SHA1
a12266a6e2721b453bcfdb4dd5ad9b4685f574da
-
SHA256
9a360dee464cb9ca8934848c2ca84983e5c2b15421b485639110fc818b5a3edd
-
SHA512
b4e006c41a47f7255435bcec0a13e1f28300172a355e2be5f145f961ed881c3d1b712406c1a53e262acc6670aec9e5752f022defade7a3aeced14ce0cbe2071a
-
SSDEEP
1536:KnOnMKQF9H8JA9sThtLX5TH35edD0LE3C3Ib/:VM/FeJNhtLRXkW6C4
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-