General
-
Target
327f3735753722cce7efc978fc5fd0d9be59c5013499e4c177a3636c22e02dd6
-
Size
612KB
-
Sample
221125-lcdk9sfh28
-
MD5
fa2b2bf45bbd6d6dc2f1afc683bea85c
-
SHA1
28fdb35377468f84df6aec2eb4e16ca3986b4387
-
SHA256
327f3735753722cce7efc978fc5fd0d9be59c5013499e4c177a3636c22e02dd6
-
SHA512
bbc1e9aec1da4f8fea99c6d42c7abfbbe61522c55621dae79d81122cc5b7a601b0b085570a5dd936adf6f50024e06e831db058a327fbfd80922723b7645c0d89
-
SSDEEP
6144:48XXRUw9Oz5+iUU03pej1YpTYzOb0kLXhlJFTaLTGu0yvHcr+JB8aUn/0vQPT20Q:7nRy+ZyYpaCDJFuPyAHcqrUns9v2V+yc
Malware Config
Targets
-
-
Target
327f3735753722cce7efc978fc5fd0d9be59c5013499e4c177a3636c22e02dd6
-
Size
612KB
-
MD5
fa2b2bf45bbd6d6dc2f1afc683bea85c
-
SHA1
28fdb35377468f84df6aec2eb4e16ca3986b4387
-
SHA256
327f3735753722cce7efc978fc5fd0d9be59c5013499e4c177a3636c22e02dd6
-
SHA512
bbc1e9aec1da4f8fea99c6d42c7abfbbe61522c55621dae79d81122cc5b7a601b0b085570a5dd936adf6f50024e06e831db058a327fbfd80922723b7645c0d89
-
SSDEEP
6144:48XXRUw9Oz5+iUU03pej1YpTYzOb0kLXhlJFTaLTGu0yvHcr+JB8aUn/0vQPT20Q:7nRy+ZyYpaCDJFuPyAHcqrUns9v2V+yc
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-