General
-
Target
c1e35c266d972b847212dbeb15073683f565987ccf3c75694ab31cfa4121b1a5
-
Size
136KB
-
Sample
221202-hbjt4sbg99
-
MD5
2cd2314d24d592f21aa9e868775a2100
-
SHA1
e53b8d153f34a5f74403abd79ea1b8bbd0b3a4e1
-
SHA256
c1e35c266d972b847212dbeb15073683f565987ccf3c75694ab31cfa4121b1a5
-
SHA512
721f3194de75951e61e0187a4a3cb890f11f9a82b7e198c5b0e7db30cd0389b72330cb036fd6e5f2c67ac126c4826f3cabfd33f61d6b90a19108c24b7f822ff8
-
SSDEEP
3072:j2RIGIvTsWxvyVFUo8HoglZg0XSU2SZulD:yaGc4Wxvy7UTogAdS
Malware Config
Targets
-
-
Target
c1e35c266d972b847212dbeb15073683f565987ccf3c75694ab31cfa4121b1a5
-
Size
136KB
-
MD5
2cd2314d24d592f21aa9e868775a2100
-
SHA1
e53b8d153f34a5f74403abd79ea1b8bbd0b3a4e1
-
SHA256
c1e35c266d972b847212dbeb15073683f565987ccf3c75694ab31cfa4121b1a5
-
SHA512
721f3194de75951e61e0187a4a3cb890f11f9a82b7e198c5b0e7db30cd0389b72330cb036fd6e5f2c67ac126c4826f3cabfd33f61d6b90a19108c24b7f822ff8
-
SSDEEP
3072:j2RIGIvTsWxvyVFUo8HoglZg0XSU2SZulD:yaGc4Wxvy7UTogAdS
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-