General
-
Target
e1312cad3fd1a88923cebcf43de8be347ee346b9c3293b73400f55f4dbfe783c
-
Size
1.7MB
-
Sample
221124-wlqmasag42
-
MD5
25608c802cc888e22266120f327032fd
-
SHA1
164717002d508e77a9131b4fd8828e93167886d7
-
SHA256
e1312cad3fd1a88923cebcf43de8be347ee346b9c3293b73400f55f4dbfe783c
-
SHA512
0cebd8c895748ae7392f73ab3e0c37eb38bd1bc2973294adf3f3c71595e772a3d8054d6ba9f82382283a6a010e33fd7b72a730ee4b4e4a574a7e47fe3dc4821c
-
SSDEEP
49152:PD1YJREKyzVULk4FdtIYTAdZTCbMklbm:5Yz/yatFdtI3ZTCb
Malware Config
Targets
-
-
Target
e1312cad3fd1a88923cebcf43de8be347ee346b9c3293b73400f55f4dbfe783c
-
Size
1.7MB
-
MD5
25608c802cc888e22266120f327032fd
-
SHA1
164717002d508e77a9131b4fd8828e93167886d7
-
SHA256
e1312cad3fd1a88923cebcf43de8be347ee346b9c3293b73400f55f4dbfe783c
-
SHA512
0cebd8c895748ae7392f73ab3e0c37eb38bd1bc2973294adf3f3c71595e772a3d8054d6ba9f82382283a6a010e33fd7b72a730ee4b4e4a574a7e47fe3dc4821c
-
SSDEEP
49152:PD1YJREKyzVULk4FdtIYTAdZTCbMklbm:5Yz/yatFdtI3ZTCb
Score8/10-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-