General
-
Target
f50e963b0bd1300364f08decebdb2fd39dcb80fb1626db6f9dc13a94801c2004
-
Size
140KB
-
Sample
221129-vbvb3aag8x
-
MD5
178f314f1004b04ef0ce2924b4a1a1c0
-
SHA1
6c791603abb2263bd46352cf49237ad5df3d5eda
-
SHA256
f50e963b0bd1300364f08decebdb2fd39dcb80fb1626db6f9dc13a94801c2004
-
SHA512
a402e1a2e9f3b923d11f05163b0f693393c187bdb87057e3a29ebd46f7a389233b33aee1fec0b9b058e04523453eb3a84b0a43246b9e8c70c6006dd445a324bf
-
SSDEEP
1536:i6L0GBgh7rdkhVJXMFoyjHqvd50bbqemC/+onbQTM8rPN81ZNN2N2eeAUb9HtWjX:i6CSmieHMIrBEPN81ZNNi5ePV15m
Malware Config
Targets
-
-
Target
f50e963b0bd1300364f08decebdb2fd39dcb80fb1626db6f9dc13a94801c2004
-
Size
140KB
-
MD5
178f314f1004b04ef0ce2924b4a1a1c0
-
SHA1
6c791603abb2263bd46352cf49237ad5df3d5eda
-
SHA256
f50e963b0bd1300364f08decebdb2fd39dcb80fb1626db6f9dc13a94801c2004
-
SHA512
a402e1a2e9f3b923d11f05163b0f693393c187bdb87057e3a29ebd46f7a389233b33aee1fec0b9b058e04523453eb3a84b0a43246b9e8c70c6006dd445a324bf
-
SSDEEP
1536:i6L0GBgh7rdkhVJXMFoyjHqvd50bbqemC/+onbQTM8rPN81ZNN2N2eeAUb9HtWjX:i6CSmieHMIrBEPN81ZNNi5ePV15m
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-