General
-
Target
426695d9db867d468caadae4c1498859
-
Size
112KB
-
Sample
231225-2593yagah9
-
MD5
426695d9db867d468caadae4c1498859
-
SHA1
a8dbe7dba405cc6dc106fb4e6d174e8650b770d5
-
SHA256
75edceaf202637ec12c9aac7bd0f5fb5a78e00eadaedf7564d44e67cf2214344
-
SHA512
cb1bc1eb989a6eebc525c592df7dd3ebb482d89ee9ea9a44b1a828d4a20d0ed1580479df5cc90e56fa912247d4e655e93581d7a7a29119bb560d1b9b28c1e050
-
SSDEEP
3072:DVi+GaaeMfzwqkOD/bRKBl5+02g3/DEA3:Zi+GaaeMfEqke/bo3l3
Malware Config
Targets
-
-
Target
426695d9db867d468caadae4c1498859
-
Size
112KB
-
MD5
426695d9db867d468caadae4c1498859
-
SHA1
a8dbe7dba405cc6dc106fb4e6d174e8650b770d5
-
SHA256
75edceaf202637ec12c9aac7bd0f5fb5a78e00eadaedf7564d44e67cf2214344
-
SHA512
cb1bc1eb989a6eebc525c592df7dd3ebb482d89ee9ea9a44b1a828d4a20d0ed1580479df5cc90e56fa912247d4e655e93581d7a7a29119bb560d1b9b28c1e050
-
SSDEEP
3072:DVi+GaaeMfzwqkOD/bRKBl5+02g3/DEA3:Zi+GaaeMfEqke/bo3l3
Score8/10-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Modifies WinLogon
-
Drops file in System32 directory
-