General
-
Target
41981eae53353a1f4590af0e83aca41541b5baf93f5cb788e70238305ab52d9e
-
Size
12.3MB
-
Sample
221125-lspcpsgg79
-
MD5
eaa2ff49df45df92323c36a248de7ba5
-
SHA1
d13d7a9dd31a3392f0412ba2604044baab50f940
-
SHA256
41981eae53353a1f4590af0e83aca41541b5baf93f5cb788e70238305ab52d9e
-
SHA512
bd93ba16661175f47d1dd8d66e34bd4141cb1a7be0c3ed3e63769de6386a834dde260ce420718532f395caed14274503517b1a59e33bac69827e0c24ecf6a0b0
-
SSDEEP
393216:uiC/KFfDhofMsIEY02VnBu94Wryc/Q6V:T9fstF2VnBu94W20PV
Malware Config
Targets
-
-
Target
41981eae53353a1f4590af0e83aca41541b5baf93f5cb788e70238305ab52d9e
-
Size
12.3MB
-
MD5
eaa2ff49df45df92323c36a248de7ba5
-
SHA1
d13d7a9dd31a3392f0412ba2604044baab50f940
-
SHA256
41981eae53353a1f4590af0e83aca41541b5baf93f5cb788e70238305ab52d9e
-
SHA512
bd93ba16661175f47d1dd8d66e34bd4141cb1a7be0c3ed3e63769de6386a834dde260ce420718532f395caed14274503517b1a59e33bac69827e0c24ecf6a0b0
-
SSDEEP
393216:uiC/KFfDhofMsIEY02VnBu94Wryc/Q6V:T9fstF2VnBu94W20PV
Score8/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-