General
-
Target
427ad4f97f5062e2480bac6c80efc61f9eeb0b016cd2f202fbeaa2be4cea8c9e
-
Size
2.4MB
-
Sample
221123-xngylsfe64
-
MD5
d6f5a6aa8744d4357a12a92d6ba3e6ca
-
SHA1
9ec104b8d2cdde80abe7384868de56085c9901c8
-
SHA256
427ad4f97f5062e2480bac6c80efc61f9eeb0b016cd2f202fbeaa2be4cea8c9e
-
SHA512
9c03e06289b11591e0fceb5d9b3be55b25bf42597305f09846899edf649079423ae4cd11c320ce2185b2a7366b2a151f21fecc8b84f64cf19309c3f1fcdb6a12
-
SSDEEP
49152:wc//////0Tn3nEnJYPnSAvFZ3DQ7qoW4hDvu4z5NvamUDkYnW19AQ1K:wc//////oEnJozNZTQ7qoW34Dt4VnoAT
Malware Config
Targets
-
-
Target
427ad4f97f5062e2480bac6c80efc61f9eeb0b016cd2f202fbeaa2be4cea8c9e
-
Size
2.4MB
-
MD5
d6f5a6aa8744d4357a12a92d6ba3e6ca
-
SHA1
9ec104b8d2cdde80abe7384868de56085c9901c8
-
SHA256
427ad4f97f5062e2480bac6c80efc61f9eeb0b016cd2f202fbeaa2be4cea8c9e
-
SHA512
9c03e06289b11591e0fceb5d9b3be55b25bf42597305f09846899edf649079423ae4cd11c320ce2185b2a7366b2a151f21fecc8b84f64cf19309c3f1fcdb6a12
-
SSDEEP
49152:wc//////0Tn3nEnJYPnSAvFZ3DQ7qoW4hDvu4z5NvamUDkYnW19AQ1K:wc//////oEnJozNZTQ7qoW34Dt4VnoAT
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-