General
-
Target
d0a232eadd492f1791cb584a35bf8026fc78230a16c1dfa6392a398a04b2ba90
-
Size
140KB
-
Sample
221203-xs64asgb59
-
MD5
684edc12bd98f9c13185d35d06d91510
-
SHA1
24ad0bebfb31a376dc896c7014426e9627629757
-
SHA256
d0a232eadd492f1791cb584a35bf8026fc78230a16c1dfa6392a398a04b2ba90
-
SHA512
3856d7c7d51c2e95c5a3dd5d483b3bc786b97ecc4bb47ee99441e38eb0c99d862cf988e10d7b6b15595bce402a061249d20eb228cd38cdfc74a30ea3e959deb8
-
SSDEEP
1536:26L0EBRh7jdkhV1ScqgxeVS1TLzL06D4o2+a+JToPu7Z4wmg0LexUQ9HtWjRnP3f:26DSGUeVCLf0662JcPkSg0tO8KGT
Malware Config
Targets
-
-
Target
d0a232eadd492f1791cb584a35bf8026fc78230a16c1dfa6392a398a04b2ba90
-
Size
140KB
-
MD5
684edc12bd98f9c13185d35d06d91510
-
SHA1
24ad0bebfb31a376dc896c7014426e9627629757
-
SHA256
d0a232eadd492f1791cb584a35bf8026fc78230a16c1dfa6392a398a04b2ba90
-
SHA512
3856d7c7d51c2e95c5a3dd5d483b3bc786b97ecc4bb47ee99441e38eb0c99d862cf988e10d7b6b15595bce402a061249d20eb228cd38cdfc74a30ea3e959deb8
-
SSDEEP
1536:26L0EBRh7jdkhV1ScqgxeVS1TLzL06D4o2+a+JToPu7Z4wmg0LexUQ9HtWjRnP3f:26DSGUeVCLf0662JcPkSg0tO8KGT
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-