General
Target: ab6c6ae71ac2ad8c6705aa842bbb689ef2cd69208294536f33fe671ed7ed390f
Size: 533KB
Sample: 221123-z3l7zshe21
MD5: 3e2feb71f64528d9b1fc89e659ecbceb
SHA1: 8bc722ca6e8723915025bb3b3363e7bc26c3a120
SHA256: ab6c6ae71ac2ad8c6705aa842bbb689ef2cd69208294536f33fe671ed7ed390f
SHA512: e28290e9d8b2795d1fa8195e3f4a9bee70cf278f30ae8197d2fd33fa631fe40878705f4f5e9df1dd17138d509ac24ed546c503fc54d253ffe8c51a345c9fcc1d
SSDEEP: 12288:xCTPgrnZiJiAaMVkUet7EwBI+APu4UjQLDW:xCTPMAzVkUetVI5u4+SDW
Static task: static1
Behavioral task: behavioral1
  Sample: ab6c6ae71ac2ad8c6705aa842bbb689ef2cd69208294536f33fe671ed7ed390f.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: ab6c6ae71ac2ad8c6705aa842bbb689ef2cd69208294536f33fe671ed7ed390f.exe
  Resource: win10v2004-20220901-en
Malware Config
Targets
Target: ab6c6ae71ac2ad8c6705aa842bbb689ef2cd69208294536f33fe671ed7ed390f
Score: 10/10
- Modifies WinLogon for persistence
- Modifies system executable filetype association
- Modifies visibility of file extensions in Explorer
- Disables use of System Restore points
- Executes dropped EXE
- Sets file execution options in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory