General
-
Target
18b23ac00c10c6fdb2913c504a20a775d138af4c8de583cdc384c2a11d79acc0
-
Size
140KB
-
Sample
221203-x8d3fshd56
-
MD5
4579dd45d615ef0146ca3a95eaca87e0
-
SHA1
d98a4c3f655a428bb322b2ee19e6a50665fd0cbd
-
SHA256
18b23ac00c10c6fdb2913c504a20a775d138af4c8de583cdc384c2a11d79acc0
-
SHA512
f180bdd7f67f7b4921d818539f3a0e96e6ac099c22f4958b7ea1aa387d66a9473bb586dbf93b69c620939d269ddbd93ae3f846321daacb08be0fde5143c69ce2
-
SSDEEP
1536:66L0wBYh7pukhVH5offzSXDDThwp6kcdzZjP0ZKdSl7C812JoTviUY9HtWjRnPSp:66VSH52fzSzlxZjP0ZgSBZ2JMvBGNb
Malware Config
Targets
-
-
Target
18b23ac00c10c6fdb2913c504a20a775d138af4c8de583cdc384c2a11d79acc0
-
Size
140KB
-
MD5
4579dd45d615ef0146ca3a95eaca87e0
-
SHA1
d98a4c3f655a428bb322b2ee19e6a50665fd0cbd
-
SHA256
18b23ac00c10c6fdb2913c504a20a775d138af4c8de583cdc384c2a11d79acc0
-
SHA512
f180bdd7f67f7b4921d818539f3a0e96e6ac099c22f4958b7ea1aa387d66a9473bb586dbf93b69c620939d269ddbd93ae3f846321daacb08be0fde5143c69ce2
-
SSDEEP
1536:66L0wBYh7pukhVH5offzSXDDThwp6kcdzZjP0ZKdSl7C812JoTviUY9HtWjRnPSp:66VSH52fzSzlxZjP0ZgSBZ2JMvBGNb
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-