General
-
Target
859f2c2f335b7de5c079f06bebc040557d7b4564aa89c5c2c9c0d6a72dd2d32a
-
Size
534KB
-
Sample
221206-sh8f6ahc74
-
MD5
cff7ae721a6fbe25f8dded7921beeae7
-
SHA1
fd2408113833f1ae10caba36cf48a276d22da489
-
SHA256
859f2c2f335b7de5c079f06bebc040557d7b4564aa89c5c2c9c0d6a72dd2d32a
-
SHA512
2479aaa204105b002cfde67f320b7cc0c3a392067845c4f44f482a34603820d4aeb8dfc7742751013bc22b231edfbb83b3c9784c60c7274d20c6d0422e7c6170
-
SSDEEP
12288:xo3AEtmcPPhtWHoTpS6glPTWZyeYOUgavBR+QSXdFT5HhQ:xQTscPptWHapSHlPyZyeYOUgavrStFdm
Malware Config
Targets
-
-
Target
859f2c2f335b7de5c079f06bebc040557d7b4564aa89c5c2c9c0d6a72dd2d32a
-
Size
534KB
-
MD5
cff7ae721a6fbe25f8dded7921beeae7
-
SHA1
fd2408113833f1ae10caba36cf48a276d22da489
-
SHA256
859f2c2f335b7de5c079f06bebc040557d7b4564aa89c5c2c9c0d6a72dd2d32a
-
SHA512
2479aaa204105b002cfde67f320b7cc0c3a392067845c4f44f482a34603820d4aeb8dfc7742751013bc22b231edfbb83b3c9784c60c7274d20c6d0422e7c6170
-
SSDEEP
12288:xo3AEtmcPPhtWHoTpS6glPTWZyeYOUgavBR+QSXdFT5HhQ:xQTscPptWHapSHlPyZyeYOUgavrStFdm
Score8/10-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-