General
Target: 2407eb9b97801082bed93bd202ce28cf70d35c021901c1d9083896d3e51ea818
Size: 592KB
Sample: 221204-rc198aad6t
MD5: 71881df6ca51aa48955b0102d57d1d08
SHA1: 77651b24d165309cefa4a2662c2c4697641fbffe
SHA256: 2407eb9b97801082bed93bd202ce28cf70d35c021901c1d9083896d3e51ea818
SHA512: 47e189a29c9ee6b996d909ea8662f01b0fffc664c85ec3d49c32929eba5c2806632ae3728ff445f57602537cc2b8aa1c71a04279eda364ee682ba72945d498a1
SSDEEP: 12288:J6onxOp8FySpE5zvIdtU+Ymefh6+X/l6+X/I:/wp8DozAdO9gg/Ug/I
Static task: static1

Behavioral task: behavioral1
Sample: 2407eb9b97801082bed93bd202ce28cf70d35c021901c1d9083896d3e51ea818.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 2407eb9b97801082bed93bd202ce28cf70d35c021901c1d9083896d3e51ea818.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: 2407eb9b97801082bed93bd202ce28cf70d35c021901c1d9083896d3e51ea818
Score: 10/10
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory