General
-
Target
573a6764daf6d5a68c60b0ed549659b4504d858f111589c92d75ffd5420ef18f
-
Size
272KB
-
Sample
221129-q7k12shc8v
-
MD5
72b50893859c54ab44784c588a1bd8aa
-
SHA1
4b08267dfb6decaac1188362fcd43af9b4eee6c7
-
SHA256
573a6764daf6d5a68c60b0ed549659b4504d858f111589c92d75ffd5420ef18f
-
SHA512
5af3ad3737e705cc28c6d52fe3fa7829ddbba0e06a1ff1b1e8bce23fb41d0705fc97ae7354d412619e56dee8340b9f7c23a088362398d7479e155ea1157b8787
-
SSDEEP
3072:Mx20vlI9JI5sBfsPwj1/9+VXKgOj8sSmrm3NaBiS5KltLspxrCO+rpTdZxuGQup:OG849+VXKgOjLMNaBiSkltLy5p+r5Au
Static task
static1
Behavioral task
behavioral1
Sample
573a6764daf6d5a68c60b0ed549659b4504d858f111589c92d75ffd5420ef18f.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
573a6764daf6d5a68c60b0ed549659b4504d858f111589c92d75ffd5420ef18f.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Score
8/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-