General
-
Target
fd82beed28a41ab421005a05069972a81f298f6dea9a81e9a0bda69d98451d69
-
Size
92KB
-
Sample
221203-yjjgbaad58
-
MD5
0cbb5d28448f7d17168d99f8101ab5e0
-
SHA1
06b9e219ac0c5c879f5aa643405c9327f5dbced2
-
SHA256
fd82beed28a41ab421005a05069972a81f298f6dea9a81e9a0bda69d98451d69
-
SHA512
eede7c16ce1b2b4bf210743987fbf2a87ef66b7cf8f24353b7df27bb645ec5efbd72da2447ba76057989669227011bddb69ddaf9cd7e7d0bbd4d75a6847734fe
-
SSDEEP
1536:qopGBPtNXuX0l2bz20S5TvgtBrdeY6bRqZNKTtQCSbCMGO2AB7sw:8LcX0l2bzZS5LgtBd1QnTSCjFI4w
Malware Config
Targets
-
-
Target
fd82beed28a41ab421005a05069972a81f298f6dea9a81e9a0bda69d98451d69
-
Size
92KB
-
MD5
0cbb5d28448f7d17168d99f8101ab5e0
-
SHA1
06b9e219ac0c5c879f5aa643405c9327f5dbced2
-
SHA256
fd82beed28a41ab421005a05069972a81f298f6dea9a81e9a0bda69d98451d69
-
SHA512
eede7c16ce1b2b4bf210743987fbf2a87ef66b7cf8f24353b7df27bb645ec5efbd72da2447ba76057989669227011bddb69ddaf9cd7e7d0bbd4d75a6847734fe
-
SSDEEP
1536:qopGBPtNXuX0l2bz20S5TvgtBrdeY6bRqZNKTtQCSbCMGO2AB7sw:8LcX0l2bzZS5LgtBd1QnTSCjFI4w
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-