General
-
Target
ddcfd76e848edc9f452652e6f662ba2eca121a3097ed9ea1267d0f3c5e3668ff
-
Size
105KB
-
Sample
221124-ajmlzaee85
-
MD5
536ca09ffe8a16c8cb742b299fe1204d
-
SHA1
15fa786bcc63e7a60f215f250bd2934e2a9e0603
-
SHA256
ddcfd76e848edc9f452652e6f662ba2eca121a3097ed9ea1267d0f3c5e3668ff
-
SHA512
a3c0fddc216639ca63cee3aefe4072f4560df39ece966d99a904f3b9ea7746a00855b08016b4d70a22e926643798412f1efacd810349a0cb5d88c4e7b9706829
-
SSDEEP
1536:InE9SNA6nsDbYHTJ26p4dTR6GMyYKOsNznn3WuKDWnCvORi1wM1EAf7nctzKFKU8:yVnsDbY12e7ahn3WCCWPKEMnyc9L64
Malware Config
Targets
-
-
Target
ddcfd76e848edc9f452652e6f662ba2eca121a3097ed9ea1267d0f3c5e3668ff
-
Size
105KB
-
MD5
536ca09ffe8a16c8cb742b299fe1204d
-
SHA1
15fa786bcc63e7a60f215f250bd2934e2a9e0603
-
SHA256
ddcfd76e848edc9f452652e6f662ba2eca121a3097ed9ea1267d0f3c5e3668ff
-
SHA512
a3c0fddc216639ca63cee3aefe4072f4560df39ece966d99a904f3b9ea7746a00855b08016b4d70a22e926643798412f1efacd810349a0cb5d88c4e7b9706829
-
SSDEEP
1536:InE9SNA6nsDbYHTJ26p4dTR6GMyYKOsNznn3WuKDWnCvORi1wM1EAf7nctzKFKU8:yVnsDbY12e7ahn3WCCWPKEMnyc9L64
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-