General
-
Target
cf1bbe82f2f1d2ea42a160f1e3a3ce8ec5bc4fc3346ad956e848556614a14e79
-
Size
88KB
-
Sample
221201-2jm2aaha36
-
MD5
2bf965f682dfae8be889a0b9fc2cb8c0
-
SHA1
ffdd267feeea20a08e5107711e30e6d3e156618b
-
SHA256
cf1bbe82f2f1d2ea42a160f1e3a3ce8ec5bc4fc3346ad956e848556614a14e79
-
SHA512
f3285eb7e98d1e26796872dc09a53f88d3cb09d820b7d92c9e7a0451013f0c3f4499f724d0a9a42e4668a72bbb82fbf15806e19f6a57bb06ce4c2e2dbeccb6fd
-
SSDEEP
1536:rF9q47OGdbgw2YQhW0iv8QkeUzQqR4bQ/dnbIxmTr4tVcl4vrrsLL:h9H/dbR2YQhW0iven4bKbxr8cKvUL
Malware Config
Targets
-
-
Target
cf1bbe82f2f1d2ea42a160f1e3a3ce8ec5bc4fc3346ad956e848556614a14e79
-
Size
88KB
-
MD5
2bf965f682dfae8be889a0b9fc2cb8c0
-
SHA1
ffdd267feeea20a08e5107711e30e6d3e156618b
-
SHA256
cf1bbe82f2f1d2ea42a160f1e3a3ce8ec5bc4fc3346ad956e848556614a14e79
-
SHA512
f3285eb7e98d1e26796872dc09a53f88d3cb09d820b7d92c9e7a0451013f0c3f4499f724d0a9a42e4668a72bbb82fbf15806e19f6a57bb06ce4c2e2dbeccb6fd
-
SSDEEP
1536:rF9q47OGdbgw2YQhW0iv8QkeUzQqR4bQ/dnbIxmTr4tVcl4vrrsLL:h9H/dbR2YQhW0iven4bKbxr8cKvUL
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-