General
-
Target
7f77f63fe8f367826e275561b4bbb4d61e76acea2e7f91a46309e94841463ae9
-
Size
146KB
-
Sample
221203-yjne9seb6y
-
MD5
4311f2bb1093b96e4d164eb61b225d70
-
SHA1
3e10674fdb31283f2c04d22eaefefe99506f7b49
-
SHA256
7f77f63fe8f367826e275561b4bbb4d61e76acea2e7f91a46309e94841463ae9
-
SHA512
88a44ff41737e22c5b31407da49897e624b438fae63e750779417cef9d2e769e31f40d2b58584f4b32a1bf4c8fb9bc325e57540e2fbc5daeb9941986277f14da
-
SSDEEP
1536:MSTlTk5lUYTm5ROxwGYacWxA2I2Q1HX1+f3ayVC7V5RTHIz6OmaOPCzrgNZMLb7R:PlYFmWyGe2IjHXgfKyVEXjwzjLbKYuq
Malware Config
Targets
-
-
Target
7f77f63fe8f367826e275561b4bbb4d61e76acea2e7f91a46309e94841463ae9
-
Size
146KB
-
MD5
4311f2bb1093b96e4d164eb61b225d70
-
SHA1
3e10674fdb31283f2c04d22eaefefe99506f7b49
-
SHA256
7f77f63fe8f367826e275561b4bbb4d61e76acea2e7f91a46309e94841463ae9
-
SHA512
88a44ff41737e22c5b31407da49897e624b438fae63e750779417cef9d2e769e31f40d2b58584f4b32a1bf4c8fb9bc325e57540e2fbc5daeb9941986277f14da
-
SSDEEP
1536:MSTlTk5lUYTm5ROxwGYacWxA2I2Q1HX1+f3ayVC7V5RTHIz6OmaOPCzrgNZMLb7R:PlYFmWyGe2IjHXgfKyVEXjwzjLbKYuq
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-