General
-
Target
27ad3ad8da4f3ef37c637b58e1a537778bb2965630c773ce9ddcda972a19e8a3
-
Size
684KB
-
Sample
221123-vqawzacf2s
-
MD5
41bbf329d25a4664ed18bb8f079980d0
-
SHA1
be503850c64fca1bb91c8975084fb569e59be529
-
SHA256
27ad3ad8da4f3ef37c637b58e1a537778bb2965630c773ce9ddcda972a19e8a3
-
SHA512
8942136dcbf4d4176d07c99c60472252a8d6377bdcab32dfe36f6f15313b623bab57e1685296d900e55b2f447eda276100f46a528ee6767d4f76c24ee6db5c01
-
SSDEEP
6144:+h3rzMYXh+02d1r5ZTYnQbc0w6LlANv4hituxp38u0:UrgQmd195KQ40wWlANv4h8u/8
Malware Config
Targets
-
-
Target
27ad3ad8da4f3ef37c637b58e1a537778bb2965630c773ce9ddcda972a19e8a3
-
Size
684KB
-
MD5
41bbf329d25a4664ed18bb8f079980d0
-
SHA1
be503850c64fca1bb91c8975084fb569e59be529
-
SHA256
27ad3ad8da4f3ef37c637b58e1a537778bb2965630c773ce9ddcda972a19e8a3
-
SHA512
8942136dcbf4d4176d07c99c60472252a8d6377bdcab32dfe36f6f15313b623bab57e1685296d900e55b2f447eda276100f46a528ee6767d4f76c24ee6db5c01
-
SSDEEP
6144:+h3rzMYXh+02d1r5ZTYnQbc0w6LlANv4hituxp38u0:UrgQmd195KQ40wWlANv4h8u/8
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-