General
-
Target
4cf2ab9038e17e5e0544c55e47b9bd488d8fa032d47c77594a278035fe75fca8
-
Size
86KB
-
Sample
221124-axlltsag6y
-
MD5
3f25a9df421a1e1b36b168aab21edf50
-
SHA1
5779cd669174db5dd0e171325c4d9877f7a5eb74
-
SHA256
4cf2ab9038e17e5e0544c55e47b9bd488d8fa032d47c77594a278035fe75fca8
-
SHA512
decb159afdd7d0a99a1d66c08575044023c75ed3f229fec56a546c1b9e493d26c046921b2aff29da781c2d6f0df9acca81bcafd04915ad9c2fe290df07e0cff7
-
SSDEEP
1536:iA/zYY2EoHzHoZANS9FwW6LygnzFL3RRpEqJ4fSaOWyzMmAzz9TyHPib:OYdOzHo6NYQe25LVEPflty/whyvib
Malware Config
Targets
-
-
Target
4cf2ab9038e17e5e0544c55e47b9bd488d8fa032d47c77594a278035fe75fca8
-
Size
86KB
-
MD5
3f25a9df421a1e1b36b168aab21edf50
-
SHA1
5779cd669174db5dd0e171325c4d9877f7a5eb74
-
SHA256
4cf2ab9038e17e5e0544c55e47b9bd488d8fa032d47c77594a278035fe75fca8
-
SHA512
decb159afdd7d0a99a1d66c08575044023c75ed3f229fec56a546c1b9e493d26c046921b2aff29da781c2d6f0df9acca81bcafd04915ad9c2fe290df07e0cff7
-
SSDEEP
1536:iA/zYY2EoHzHoZANS9FwW6LygnzFL3RRpEqJ4fSaOWyzMmAzz9TyHPib:OYdOzHo6NYQe25LVEPflty/whyvib
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-