General
-
Target
sample
-
Size
19KB
-
Sample
240502-x1d3gsgc23
-
MD5
254a49b8e340c86d345b3613bc6427b1
-
SHA1
881475b7753f560b181e3a02072af552d257e3c0
-
SHA256
a635bcbe92a0ce6e34d87e8e8685b2b193a5f9f9ef57d52380464add95d511f3
-
SHA512
6ab6fa4994a7b46c3f09aabab4c62960e1abe1ad3efbf627a33b1e4822a2c187d8021508e8f8e07936d0d5f4b15cac12a74679852ba2584554de3ca1304b2cd0
-
SSDEEP
384:raN579vDpmReVoOs4ni9ylKeGMpU8Hhhb1DM7DS2LjMrSA+xzIJCgMmVn:raD9vBVoOs4nmyI1M9BhbJ6TMrSfsJ2Y
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win10v2004-20240426-en
Malware Config
Targets
Score
10/10
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-