General
-
Target
fb9ead1d8b0d7e26264e73d190c190bec35b3e31ebf74bee17c84514c29a3a81
-
Size
162KB
-
Sample
221127-jsp8wsef8t
-
MD5
f6710a928e7c123887bf5716b6ce3d72
-
SHA1
78ff43711800f8b55c90053ee469f317d5456855
-
SHA256
fb9ead1d8b0d7e26264e73d190c190bec35b3e31ebf74bee17c84514c29a3a81
-
SHA512
948ca2b3fe6cf09dff33576b748d12812b97d6e85d9ec3b2cab91148c3d38c5fdcef6fcca8d2295d47bc9e19332eec0ec312b675460b5c52143ad40affb07742
-
SSDEEP
3072:SATjMpxXxgGvYskJLRiuyVisMekmUd0aIjwJczcvuo+wxmiAY/:BTjMpz6qnQ0b7gu1wE
Static task
static1
Behavioral task
behavioral1
Sample
fb9ead1d8b0d7e26264e73d190c190bec35b3e31ebf74bee17c84514c29a3a81.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
fb9ead1d8b0d7e26264e73d190c190bec35b3e31ebf74bee17c84514c29a3a81.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Score 10/10
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
Executes dropped EXE
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-