General
-
Target
http_proxies.txt
-
Size
39KB
-
Sample
230322-d6bprsgf4x
-
MD5
1a819d7a726f63eb1b6b20f77d78dbd1
-
SHA1
54210bcc6516ab23bd8a6a91b5bdf3d6b0725783
-
SHA256
d8c48c5f7de9faac4aca292ccd654cd6dac87599e67060c597eff7f1dbc8126d
-
SHA512
5c6bcef667de907c1d38b6579c6b19e3d208fdc8ce58d6391e5cdc8c265293a8cae689111a7bd44d365ab4a58d759e05e6c08d37cef20e89e51b4abf0de876d0
-
SSDEEP
768:6cBvnm48ZjJXL/Nl/c4wcDIAV0nTVzdPFUauMFJu:6knm7DSXcN0nTN8puu
Malware Config
Targets
-
-
Target
http_proxies.txt
-
Size
39KB
-
MD5
1a819d7a726f63eb1b6b20f77d78dbd1
-
SHA1
54210bcc6516ab23bd8a6a91b5bdf3d6b0725783
-
SHA256
d8c48c5f7de9faac4aca292ccd654cd6dac87599e67060c597eff7f1dbc8126d
-
SHA512
5c6bcef667de907c1d38b6579c6b19e3d208fdc8ce58d6391e5cdc8c265293a8cae689111a7bd44d365ab4a58d759e05e6c08d37cef20e89e51b4abf0de876d0
-
SSDEEP
768:6cBvnm48ZjJXL/Nl/c4wcDIAV0nTVzdPFUauMFJu:6knm7DSXcN0nTN8puu
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-