General
-
Target
SystemUtilities.exe
-
Size
7.8MB
-
Sample
230119-vrhm7sgf75
-
MD5
133af41cfec522b7f583fcf77be37b1a
-
SHA1
50fde70e193eeea8d15c13dfc62cdcb4cbc2bcd0
-
SHA256
cc8aadd479d95364429457b2911f166f48c396bee21e5a77316101674b0ad8f1
-
SHA512
714baab2cbc51069b1c3cd47531727916ab9405174021ae2dbe2eabebe96e6abc77fef8b4f4ceccac61eff70487f10e87208294f58f683964dee5830d504b64d
-
SSDEEP
196608:JCXg6nbZkgUb74kWg/KrviA3YuC1HmkNCTcOPVftbnc:SgmZkr73SvQ7gkYT7Pttrc
Malware Config
Targets
-
-
Target
SystemUtilities.exe
-
Size
7.8MB
-
MD5
133af41cfec522b7f583fcf77be37b1a
-
SHA1
50fde70e193eeea8d15c13dfc62cdcb4cbc2bcd0
-
SHA256
cc8aadd479d95364429457b2911f166f48c396bee21e5a77316101674b0ad8f1
-
SHA512
714baab2cbc51069b1c3cd47531727916ab9405174021ae2dbe2eabebe96e6abc77fef8b4f4ceccac61eff70487f10e87208294f58f683964dee5830d504b64d
-
SSDEEP
196608:JCXg6nbZkgUb74kWg/KrviA3YuC1HmkNCTcOPVftbnc:SgmZkr73SvQ7gkYT7Pttrc
Score8/10-
Executes dropped EXE
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies file permissions
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Modifies WinLogon
-