General
Target: 317f6cfe872a48e1b9dacdbfdfce4c87a7c05889a999ad8583cd1567f2383ba9
Size: 100KB
Sample: 221124-ag29msed64
MD5: 05b365a4bcb9f5f05aa022aa037ebfc0
SHA1: f12486aeeee42adb0712c42cac0688c057685ac9
SHA256: 317f6cfe872a48e1b9dacdbfdfce4c87a7c05889a999ad8583cd1567f2383ba9
SHA512: 384409fb609786795541e142d95fda8a8b54e46a61558cb5873a32acafd7b8f584b49789342e053a0dabedb8f749339899edee94e71b40f411f73dbde1ff17a4
SSDEEP: 1536:d7IjK8Kl/Z8OwYpdBFh0dSqRi9jKwwr89+UHIqf2O17QraL1W9yOzb5TWCsp2tuz:mKJT8OvBFydJTx89UOJjLYZwF2YF
Static task
static1

Behavioral task
behavioral1
Sample: 317f6cfe872a48e1b9dacdbfdfce4c87a7c05889a999ad8583cd1567f2383ba9.exe
Resource: win7-20221111-en

Behavioral task
behavioral2
Sample: 317f6cfe872a48e1b9dacdbfdfce4c87a7c05889a999ad8583cd1567f2383ba9.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: 317f6cfe872a48e1b9dacdbfdfce4c87a7c05889a999ad8583cd1567f2383ba9
Size: 100KB
MD5: 05b365a4bcb9f5f05aa022aa037ebfc0
SHA1: f12486aeeee42adb0712c42cac0688c057685ac9
SHA256: 317f6cfe872a48e1b9dacdbfdfce4c87a7c05889a999ad8583cd1567f2383ba9
SHA512: 384409fb609786795541e142d95fda8a8b54e46a61558cb5873a32acafd7b8f584b49789342e053a0dabedb8f749339899edee94e71b40f411f73dbde1ff17a4
SSDEEP: 1536:d7IjK8Kl/Z8OwYpdBFh0dSqRi9jKwwr89+UHIqf2O17QraL1W9yOzb5TWCsp2tuz:mKJT8OvBFydJTx89UOJjLYZwF2YF
Score: 10/10
- Modifies visibility of hidden/system files in Explorer
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext (commonly used to redirect execution inside an injected or hollowed process)
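The signature names above describe behaviour, not the concrete registry or file paths the sandbox matched on. As an added example (editor-supplied code, not part of the Triage report and not the sandbox's own rules), the script below re-derives most of these signatures from a host event trace. The registry locations are assumed to be the standard Windows paths these signature names refer to (Run/RunOnce keys, Explorer\Advanced\Hidden and ShowSuperHidden, Control Panel\International\Geo\Nation, HKLM\SYSTEM\MountedDevices); none of them are values extracted from this sample. The event trace is constructed for the example. The SetThreadContext signature needs API-call tracing and is not covered here.

```python
"""Re-derive behavioural signatures from a host event trace (added example).

Not part of the Triage report or the sample. Registry paths are the assumed
standard locations for each behaviour; the event trace is constructed.
"""
import re
from collections import defaultdict

# Assumed standard locations (not taken from the report).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
EXPLORER_VIS_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\(Hidden|ShowSuperHidden)$", re.I)
GEO_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
MOUNTED_DEVICES_RE = re.compile(r"^HKLM\\SYSTEM\\MountedDevices\\", re.I)
AUTORUN_ROOT_RE = re.compile(r"^[A-Z]:\\autorun\.inf$", re.I)  # only at a volume root


def analyze(events):
    """Return {signature_name: [evidence, ...]} for a list of event dicts.

    Event kinds: reg_set / reg_read ("path" = full registry path incl. value name),
    file_create ("path"), process_create and image_load ("image", "pid").
    """
    hits = defaultdict(list)
    dropped = set()  # files written earlier in the trace, for "dropped" checks

    for ev in events:
        kind, path = ev["kind"], ev.get("path", "")
        if kind == "reg_set":
            if RUN_KEY_RE.search(path):
                hits["Adds Run key to start application"].append(f"{path} = {ev.get('data', '')}")
            elif EXPLORER_VIS_RE.search(path):
                hits["Modifies visibility of hidden/system files in Explorer"].append(
                    f"{path} = {ev.get('data', '')}")
        elif kind == "reg_read":
            if GEO_RE.search(path):
                hits["Checks computer location settings"].append(path)
            elif MOUNTED_DEVICES_RE.search(path):
                hits["Maps connected drives based on registry"].append(path)
        elif kind == "file_create":
            dropped.add(path.lower())
            if AUTORUN_ROOT_RE.match(path):
                hits["Drops autorun.inf file"].append(path)
        elif kind == "process_create":
            image = ev["image"]
            if image.lower() in dropped and image.lower().endswith(".exe"):
                hits["Executes dropped EXE"].append(f"pid {ev['pid']}: {image}")
        elif kind == "image_load":
            image = ev["image"]
            if image.lower() in dropped and image.lower().endswith(".dll"):
                hits["Loads dropped DLL"].append(f"pid {ev['pid']}: {image}")
    return dict(hits)


# Constructed trace for the example; not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"kind": "file_create", "pid": 1, "path": r"C:\Users\user\AppData\Roaming\update.exe"},
    {"kind": "file_create", "pid": 1, "path": r"C:\Users\user\AppData\Roaming\helper.dll"},
    {"kind": "reg_set", "pid": 1, "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update",
     "data": r"C:\Users\user\AppData\Roaming\update.exe"},
    {"kind": "reg_set", "pid": 1,
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", "data": "2"},
    {"kind": "reg_set", "pid": 1,
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", "data": "0"},
    {"kind": "reg_read", "pid": 1, "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"kind": "reg_read", "pid": 1, "path": r"HKLM\SYSTEM\MountedDevices\\DosDevices\E:"},
    {"kind": "file_create", "pid": 1, "path": r"E:\autorun.inf"},
    {"kind": "process_create", "pid": 2, "image": r"C:\Users\user\AppData\Roaming\update.exe"},
    {"kind": "image_load", "pid": 2, "image": r"C:\Users\user\AppData\Roaming\helper.dll"},
    {"kind": "image_load", "pid": 2, "image": r"C:\Windows\System32\kernel32.dll"},  # benign: not dropped
    {"kind": "file_create", "pid": 3, "path": r"C:\Users\user\Documents\autorun.inf"},  # benign: not a root
]

if __name__ == "__main__":
    for name, evidence in analyze(SAMPLE_EVENTS).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

On a real host the reg_set, file_create, process_create and image_load records map onto Sysmon event IDs 13, 11, 1 and 7; registry reads are not logged by Sysmon, so the geofence and MountedDevices checks only show up in sandbox or API-hook traces such as the one this report was produced from.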