General
-
Target
a06bf3c634d163fb9af4fa16a2573bf204cc5d37f395d9c333fd0d1503e021be
-
Size
96KB
-
Sample
221203-fqr3xsga63
-
MD5
9bf013b618fff78ef8a428d3dbdc16c0
-
SHA1
d15d88e5a4945a5ad64739865e6c012c2e6ea976
-
SHA256
a06bf3c634d163fb9af4fa16a2573bf204cc5d37f395d9c333fd0d1503e021be
-
SHA512
f2ba5ed283fe20cc5f2b7ec10cfceb9284341ed379a5eda3428bc1f655b17b7e2f41a8a0c9a28218cecd3193c08328911749b53c8d26ba6332c6b8bf7185a763
-
SSDEEP
1536:0O6/l1TwFJW1p++yX43zRKLD8tocP5OaH6QfUHkwrEVnLJX+I+ojQKAd9dCEG:W/HGOpfyX43gkh5d6QfUH9EVnZ1jQKAS
Malware Config
Targets
-
-
Target
a06bf3c634d163fb9af4fa16a2573bf204cc5d37f395d9c333fd0d1503e021be
-
Size
96KB
-
MD5
9bf013b618fff78ef8a428d3dbdc16c0
-
SHA1
d15d88e5a4945a5ad64739865e6c012c2e6ea976
-
SHA256
a06bf3c634d163fb9af4fa16a2573bf204cc5d37f395d9c333fd0d1503e021be
-
SHA512
f2ba5ed283fe20cc5f2b7ec10cfceb9284341ed379a5eda3428bc1f655b17b7e2f41a8a0c9a28218cecd3193c08328911749b53c8d26ba6332c6b8bf7185a763
-
SSDEEP
1536:0O6/l1TwFJW1p++yX43zRKLD8tocP5OaH6QfUHkwrEVnLJX+I+ojQKAd9dCEG:W/HGOpfyX43gkh5d6QfUH9EVnZ1jQKAS
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-