General
-
Target
505762ca6aea854746866b01f75d1c345fe2a6b0af3c198be1b8a6b4c34f3b23
-
Size
100KB
-
Sample
221124-ag2m4shf7z
-
MD5
2622ccb71369d576c596ee6b63486f26
-
SHA1
37ee829acd4bf5c9097962c4d1d44c7242a4e791
-
SHA256
505762ca6aea854746866b01f75d1c345fe2a6b0af3c198be1b8a6b4c34f3b23
-
SHA512
b1286e04193460b63cf8a11085eb8287960ad8a69dfcfc6d26122637181a8d8d249fab4b6ed041f0738185c178fd015b53e380f083e138b4194047e8908f8ff9
-
SSDEEP
1536:fGXuK8F4QbkId9DLgxr/iox2/586lBI57Q8sXZ922E0ujnfb5TWYll+sJo:dKgnfI/iz/5jlByUXP22Exnfwolvo
Malware Config
Targets
-
-
Target
505762ca6aea854746866b01f75d1c345fe2a6b0af3c198be1b8a6b4c34f3b23
-
Size
100KB
-
MD5
2622ccb71369d576c596ee6b63486f26
-
SHA1
37ee829acd4bf5c9097962c4d1d44c7242a4e791
-
SHA256
505762ca6aea854746866b01f75d1c345fe2a6b0af3c198be1b8a6b4c34f3b23
-
SHA512
b1286e04193460b63cf8a11085eb8287960ad8a69dfcfc6d26122637181a8d8d249fab4b6ed041f0738185c178fd015b53e380f083e138b4194047e8908f8ff9
-
SSDEEP
1536:fGXuK8F4QbkId9DLgxr/iox2/586lBI57Q8sXZ922E0ujnfb5TWYll+sJo:dKgnfI/iz/5jlByUXP22Exnfwolvo
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-