General
-
Target
184e55a355815ee0764ac9645ff32ce9b652dba643abef2752685bea46b3e5f8
-
Size
124KB
-
Sample
221123-vhxqrshb29
-
MD5
4b9d85b1f4b7ef2d1f0c685a1a5d1010
-
SHA1
83d1afdfa7edf559ea36060db75b81cbcb147da5
-
SHA256
184e55a355815ee0764ac9645ff32ce9b652dba643abef2752685bea46b3e5f8
-
SHA512
5e39e65a58ebb9163803e872bc04fa4ebdbbb53435e4eb0da7caa4cbb56b1e70e41334b6374e8e6531177f42f457c4ca3b0eb5dd5e4a2bf736bb83f5e0289930
-
SSDEEP
1536:fLamlk8FwIT/4E1wvpjnk3QezE5uh2N7uekWrFvSROthqtLjNLa6uZ0ruWrkuFAy:epMtsvpjnac5uh2N7aWXg1a6gvM
Malware Config
Targets
-
-
Target
184e55a355815ee0764ac9645ff32ce9b652dba643abef2752685bea46b3e5f8
-
Size
124KB
-
MD5
4b9d85b1f4b7ef2d1f0c685a1a5d1010
-
SHA1
83d1afdfa7edf559ea36060db75b81cbcb147da5
-
SHA256
184e55a355815ee0764ac9645ff32ce9b652dba643abef2752685bea46b3e5f8
-
SHA512
5e39e65a58ebb9163803e872bc04fa4ebdbbb53435e4eb0da7caa4cbb56b1e70e41334b6374e8e6531177f42f457c4ca3b0eb5dd5e4a2bf736bb83f5e0289930
-
SSDEEP
1536:fLamlk8FwIT/4E1wvpjnk3QezE5uh2N7uekWrFvSROthqtLjNLa6uZ0ruWrkuFAy:epMtsvpjnac5uh2N7aWXg1a6gvM
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-