General
-
Target
0c863e9e65cd0519860d4f39c32c58737f3e336d055a29afff8c4e84631685e7
-
Size
106KB
-
Sample
221127-ff72dsag96
-
MD5
3c8a36e0343d6a2af86560cba90095ea
-
SHA1
71fabc895b6036b5b4b2813138615e45b8e39717
-
SHA256
0c863e9e65cd0519860d4f39c32c58737f3e336d055a29afff8c4e84631685e7
-
SHA512
fa00ed8c141615e10bffa461be51479d0905f69fe084ea961f09824625729833ed1742eeb3215944ab57fdacf6bc3e4938868b4db9d53a97a7e7d331b273c7f7
-
SSDEEP
3072:7YBjzosGnQpOe237XE35XeE79enCiM5cEwDjAS+R:XsGQwb37XE3ZeykGnqES+R
Malware Config
Targets
-
-
Target
0c863e9e65cd0519860d4f39c32c58737f3e336d055a29afff8c4e84631685e7
-
Size
106KB
-
MD5
3c8a36e0343d6a2af86560cba90095ea
-
SHA1
71fabc895b6036b5b4b2813138615e45b8e39717
-
SHA256
0c863e9e65cd0519860d4f39c32c58737f3e336d055a29afff8c4e84631685e7
-
SHA512
fa00ed8c141615e10bffa461be51479d0905f69fe084ea961f09824625729833ed1742eeb3215944ab57fdacf6bc3e4938868b4db9d53a97a7e7d331b273c7f7
-
SSDEEP
3072:7YBjzosGnQpOe237XE35XeE79enCiM5cEwDjAS+R:XsGQwb37XE3ZeykGnqES+R
Score8/10-
Sets DLL path for service in the registry
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-