General
-
Target
ddfbe52e121a54390cd2a4966b3c991b
-
Size
454KB
-
Sample
240325-peb21aac2x
-
MD5
ddfbe52e121a54390cd2a4966b3c991b
-
SHA1
e89bb7fdb552627ee6b2cd570351a05e90233f08
-
SHA256
863556ff60232cc0ba03d64e840b802ea35bd8afd0031fce289965445e072917
-
SHA512
c24548ef34d1dc27d3115220fb63640e44d17fb982f2c0f324e98f76fef0a878d9cd653f935e9f8cdf080f399bfddd431a92da1110126a9a506b3d062fd73478
-
SSDEEP
12288:Rp//VS1fyNomS6olwkJeBMMMnMMMMM/HwE6C7rRWkiUk:7/McNvh+MMnMMMMM/HL6C
Malware Config
Targets
-
-
Target
ddfbe52e121a54390cd2a4966b3c991b
-
Size
454KB
-
MD5
ddfbe52e121a54390cd2a4966b3c991b
-
SHA1
e89bb7fdb552627ee6b2cd570351a05e90233f08
-
SHA256
863556ff60232cc0ba03d64e840b802ea35bd8afd0031fce289965445e072917
-
SHA512
c24548ef34d1dc27d3115220fb63640e44d17fb982f2c0f324e98f76fef0a878d9cd653f935e9f8cdf080f399bfddd431a92da1110126a9a506b3d062fd73478
-
SSDEEP
12288:Rp//VS1fyNomS6olwkJeBMMMnMMMMM/HwE6C7rRWkiUk:7/McNvh+MMnMMMMM/HL6C
Score8/10-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-