General
-
Target
2fa935884bbdef3afe3c59ba894b93a087fea7c56af02ab0c831a6f581031f35
-
Size
544KB
-
Sample
221128-sdmc5aca37
-
MD5
e038a0d251bb672af6506aeb420f2388
-
SHA1
0f085d0385eb58fe0126cef171e3bfcfb2fd25bf
-
SHA256
2fa935884bbdef3afe3c59ba894b93a087fea7c56af02ab0c831a6f581031f35
-
SHA512
05ba101950b87331bf0646346202e507a7eaab19c8b4f8982ba43798366669a397149e32e3d5776f6b52d04e89f9df6af0ad3bfd299fb9e967941a5de98f170a
-
SSDEEP
12288:9R1cL/pzrkTj+3B6P0M4e5iVs3kkG6FD:X1ctzrk41pe5i0kkG6
Malware Config
Targets
-
-
Target
2fa935884bbdef3afe3c59ba894b93a087fea7c56af02ab0c831a6f581031f35
-
Size
544KB
-
MD5
e038a0d251bb672af6506aeb420f2388
-
SHA1
0f085d0385eb58fe0126cef171e3bfcfb2fd25bf
-
SHA256
2fa935884bbdef3afe3c59ba894b93a087fea7c56af02ab0c831a6f581031f35
-
SHA512
05ba101950b87331bf0646346202e507a7eaab19c8b4f8982ba43798366669a397149e32e3d5776f6b52d04e89f9df6af0ad3bfd299fb9e967941a5de98f170a
-
SSDEEP
12288:9R1cL/pzrkTj+3B6P0M4e5iVs3kkG6FD:X1ctzrk41pe5i0kkG6
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-