General
-
Target
dfb07354f575f3841277b2dd7869bdf2
-
Size
123KB
-
Sample
240326-vtjnaafb95
-
MD5
dfb07354f575f3841277b2dd7869bdf2
-
SHA1
8d632de468bb3aef6d52301e84bcd37b661d7a7a
-
SHA256
3a79c44dd9ce02787897abfa6957c5adb5421539de6466a21a9f35b54e2e5aab
-
SHA512
3bcf29a3aa3b264e00b712467d5064cc9d13ca166e95a187c617300221586bbf3d2b5023253551dcbb08e08fd711e6f7a05b712173bae1de90e075ef483c434e
-
SSDEEP
3072:OeSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLLKJkHGD9Me:OVYrJrOSsRwcpcks91
Malware Config
Targets
-
-
Target
dfb07354f575f3841277b2dd7869bdf2
-
Size
123KB
-
MD5
dfb07354f575f3841277b2dd7869bdf2
-
SHA1
8d632de468bb3aef6d52301e84bcd37b661d7a7a
-
SHA256
3a79c44dd9ce02787897abfa6957c5adb5421539de6466a21a9f35b54e2e5aab
-
SHA512
3bcf29a3aa3b264e00b712467d5064cc9d13ca166e95a187c617300221586bbf3d2b5023253551dcbb08e08fd711e6f7a05b712173bae1de90e075ef483c434e
-
SSDEEP
3072:OeSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLLKJkHGD9Me:OVYrJrOSsRwcpcks91
Score8/10-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-