General
-
Target
6b4d9956d8b5dbc50c6346c011f82e708f4722f558739cac6b2ca6d2c46e0bd8
-
Size
947KB
-
Sample
221123-vf5zcsgh88
-
MD5
5fc51b17977c56d7158e744f254bb2fa
-
SHA1
a9197dc78760886546d386ec7f5b0b253b1cb86f
-
SHA256
6b4d9956d8b5dbc50c6346c011f82e708f4722f558739cac6b2ca6d2c46e0bd8
-
SHA512
9f718873df048898e2186ec85e79eedbecc773935471d91a0e8c70603be7683f8cbdf2a611fb90801736470cb4e7d417df9dc1c635204f8e3bce924b7bfca8c0
-
SSDEEP
24576:ZhpOrzcwXRXk96ZcoexPoHhYBssWTmpA:ZSNXtkEcoGgGW6pA
Malware Config
Targets
-
-
Target
6b4d9956d8b5dbc50c6346c011f82e708f4722f558739cac6b2ca6d2c46e0bd8
-
Size
947KB
-
MD5
5fc51b17977c56d7158e744f254bb2fa
-
SHA1
a9197dc78760886546d386ec7f5b0b253b1cb86f
-
SHA256
6b4d9956d8b5dbc50c6346c011f82e708f4722f558739cac6b2ca6d2c46e0bd8
-
SHA512
9f718873df048898e2186ec85e79eedbecc773935471d91a0e8c70603be7683f8cbdf2a611fb90801736470cb4e7d417df9dc1c635204f8e3bce924b7bfca8c0
-
SSDEEP
24576:ZhpOrzcwXRXk96ZcoexPoHhYBssWTmpA:ZSNXtkEcoGgGW6pA
Score10/10-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-