General
Target: 4341168de78d019ee7b5f79abe33eef14b80e8bb6894290ccc6abd475ee65831
Size: 147KB
Sample: 221203-x6s4lahc48
MD5: 1692239ec0f4902a4c7af04f5f410080
SHA1: 6e2fd9f6fdc670f5cee252f60579c060bf97cdcd
SHA256: 4341168de78d019ee7b5f79abe33eef14b80e8bb6894290ccc6abd475ee65831
SHA512: 29df2403ac50c9e4baff0157a80b3fa734657e6eff479272312832997b48d4d2ff0eddb4ae6968221150a5fc2a548aeb8cf6187d8f7687b605e6cd236d9ebf57
SSDEEP: 3072:B56HRt8BdiEICv2gHcKlb7spLfQvmc6RV8:uRrhe9sV9c6
Static task: static1
Behavioral task: behavioral1
  Sample: 4341168de78d019ee7b5f79abe33eef14b80e8bb6894290ccc6abd475ee65831.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 4341168de78d019ee7b5f79abe33eef14b80e8bb6894290ccc6abd475ee65831.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
Target: 4341168de78d019ee7b5f79abe33eef14b80e8bb6894290ccc6abd475ee65831
Score: 10/10
Modifies visibility of hidden/system files in Explorer
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
Suspicious use of SetThreadContext