General
-
Target
5a1e3b440985b82220b69ed4d3f6e633c6cf312aa1e99fdb98c5846311f2dc38
-
Size
88KB
-
Sample
221203-yhyvlsac97
-
MD5
4298f89508009f412d73e51dfafdb290
-
SHA1
344c43bd283d823b5f3a2ca0cd022c4be004dd51
-
SHA256
5a1e3b440985b82220b69ed4d3f6e633c6cf312aa1e99fdb98c5846311f2dc38
-
SHA512
06b6046af5899463fdeba27554e507b1af7aa8de950e3460baf2714df450624a7ed1326ad37f1d350a7a298b1b078723ba0c41a66a3d8adfc2ece285a7b7252e
-
SSDEEP
1536:ijxcq7INnm0o2tkqEZ3UCw4Gvefu+kwzz7dRc9MDESNUmqWW0:Dq7IBm2tEn9fuuRc9GLZO0
Malware Config
Targets
-
-
Target
5a1e3b440985b82220b69ed4d3f6e633c6cf312aa1e99fdb98c5846311f2dc38
-
Size
88KB
-
MD5
4298f89508009f412d73e51dfafdb290
-
SHA1
344c43bd283d823b5f3a2ca0cd022c4be004dd51
-
SHA256
5a1e3b440985b82220b69ed4d3f6e633c6cf312aa1e99fdb98c5846311f2dc38
-
SHA512
06b6046af5899463fdeba27554e507b1af7aa8de950e3460baf2714df450624a7ed1326ad37f1d350a7a298b1b078723ba0c41a66a3d8adfc2ece285a7b7252e
-
SSDEEP
1536:ijxcq7INnm0o2tkqEZ3UCw4Gvefu+kwzz7dRc9MDESNUmqWW0:Dq7IBm2tEn9fuuRc9GLZO0
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-