General
-
Target
0db9a7759652a023c39187c22482eb2c268d3682385b6b2f056735bfdcc0004e
-
Size
244KB
-
Sample
221123-xleepsfc92
-
MD5
442b62ad63c76b465da5b97e21d69cd0
-
SHA1
b2f19ecc58da3686e53542d49eb5b871b533bf6a
-
SHA256
0db9a7759652a023c39187c22482eb2c268d3682385b6b2f056735bfdcc0004e
-
SHA512
1ec24a24133dc93819285d6ef344f1d10c95d3f857d9bc411b8aadca723310468e74154e54a2e339cc2f510c8b1390fb36ceff5d2d741b9d57950f0a7b6bacff
-
SSDEEP
6144:7IN/tUVMpcE8gKRzl6j13YW7ysRnt4xjCtPCrLudlGU6n5Gd:C1P8gwl6j13YW7ysRnt4xjCCrLudlN6o
Malware Config
Targets
-
-
Target
0db9a7759652a023c39187c22482eb2c268d3682385b6b2f056735bfdcc0004e
-
Size
244KB
-
MD5
442b62ad63c76b465da5b97e21d69cd0
-
SHA1
b2f19ecc58da3686e53542d49eb5b871b533bf6a
-
SHA256
0db9a7759652a023c39187c22482eb2c268d3682385b6b2f056735bfdcc0004e
-
SHA512
1ec24a24133dc93819285d6ef344f1d10c95d3f857d9bc411b8aadca723310468e74154e54a2e339cc2f510c8b1390fb36ceff5d2d741b9d57950f0a7b6bacff
-
SSDEEP
6144:7IN/tUVMpcE8gKRzl6j13YW7ysRnt4xjCtPCrLudlGU6n5Gd:C1P8gwl6j13YW7ysRnt4xjCCrLudlN6o
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-