General
-
Target
WinX.zip
-
Size
11KB
-
Sample
240829-wb1dravglj
-
MD5
6dbf16edb70ac33ddbe61afed24112ff
-
SHA1
9d08b83798821ebee4637e3bcb66067cc5343e5e
-
SHA256
4a15862e3e915052a502f2c37459aa5a581855fbf4e35346403992a36ded6a53
-
SHA512
8464e95266b79d1b8451d52ad21b81b392b8ef7f798f598725e33c5705f63babdea746c5511d7dffe227e20ba962066897a87082f4d27ac0a3e107ace1ee27f9
-
SSDEEP
192:/RJZZTHUuaghrOhxnbjwnz6E1MK2ZR0q43Nir3hNTolJSmTNRayqXM7woAEdYk51:/7ZZA4OhN4ZGxcYrcbeKD
Malware Config
Targets
-
-
Target
WinX/Group1/1 - Desktop.lnk
-
Size
1KB
-
MD5
fb99c516cba2f334dd31dbfae0a1b9a7
-
SHA1
8063d824fa4163200fac5258e9ba79d18849e4f1
-
SHA256
2f1cb8a49833e7b9083bdc26a9931f8eef57c4068a5a4177e596d0c6ae04b3b8
-
SHA512
876af1eb1907010f2951938a42e743bfed93e0dd06e111b1667d9d08f445be166e88a13567af53cbb46273aa0cc54ed1824755ab65822b4315fa48d567095d95
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
WinX/Group2/1 - Run.lnk
-
Size
1KB
-
MD5
b563f4d5e49d52ec85c83c2dd1d52a44
-
SHA1
2e1f159f61c0caeb393bfe454b5638f19151e0e4
-
SHA256
d76c0bf591ba79448e5c385c8f8776ba3355c53ffcca13471f26ed83cc8f277f
-
SHA512
366091f3548243b4bad9d19cea728d58e3e3da3ddae92f34601a7742faad6845e4f1596141c29ab3c9c5bc738a23b4d0319bffff57d9a203fd57ec35acafd41a
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
WinX/Group2/2 - Search.lnk
-
Size
1KB
-
MD5
c5366879141b580c4d525e5641ac19c3
-
SHA1
510d0e63acaed1977cf778ca89d0d68e0ff987f6
-
SHA256
d12d6ae977c7a5c55f9c7f622e01c0bfc153c4578fd06417f293918c3e4d7608
-
SHA512
c06743836712fa9e51a0a78cd0f169af7e975a144d19a0c2511181546701fefefcd88924908f48532e87b90f483691318a2dd33b09484a431fc83491eb80035a
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
WinX/Group2/3 - Windows Explorer.lnk
-
Size
1KB
-
MD5
5aeef797f4ce51683f3321c337ae9d85
-
SHA1
9255e9042d130c504645a64beed00d4a4c233fd8
-
SHA256
2b7827fa8f8b2e19a10da8c5b0c744d064a077bde7347153767c16191eb272fe
-
SHA512
49d056768d4724f4591e59917cd0c979146b37746f7a549ed017ea6c0d96dd18af9e8c4304e010ae1af14311ba9a78c7ebe9759f50f3037fe3b5cb4d4c8c7064
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
WinX/Group2/4 - Control Panel.lnk
-
Size
1KB
-
MD5
eb34fbc2cea6bdd695becc79bb33d6f0
-
SHA1
483d7910d5318a60d7cd4d8d40cc4931d8bb28cc
-
SHA256
7410d3bfdb7074fc067e2c46a9eeee283460cc988de050b3c51c355b862f1cb8
-
SHA512
f3f8b8a526c35ac9fda7c2cca4d79bbcbcbab22dd041bed413cabd6465bd62c3c1adc1d95cc700f3b133f3379542804448008414bee273bd952ebf69c1808fc6
Score3/10 -
-
-
Target
WinX/Group2/5 - Task Manager.lnk
-
Size
1021B
-
MD5
85d7b0780dc8d2c7cce07c3bceec77d3
-
SHA1
d175a44b914a09e7669f2320fba95da38a3a3d46
-
SHA256
0a0af9074902ca19fdbd8636cbadb4f705a4a53459623759d30e5409e6c36427
-
SHA512
4a82d1da2dc21423cc406bba94f4c134a5ea695635c45036a2c874243c69a75248a695738bbb927a2a4967817525364a95c5eafa81f837359c987c1af11d59f4
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
WinX/Group3/01a - Windows PowerShell.lnk
-
Size
1KB
-
MD5
ebc5f4a2033c997d9f9e02cef2986849
-
SHA1
38034a586a9a983fc4b985506783cb5c50039b50
-
SHA256
1be53c200a0512ba43d8f40913414118dcda46a52b166373c29520c0eddae763
-
SHA512
a648d6b289455935289af859ff934c77a791b3434afe23b0a3912c60abd8673c1e3315c2de2b49ad3025312e0a374383bfbcaeac7983eea0c006bb0c7d2db649
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
WinX/Group3/02a - Windows PowerShell.lnk
-
Size
1KB
-
MD5
d5b52ede9f653f2c764d2fc5b680db5d
-
SHA1
3d371555495a54fd5ba624a6e0f5671f8743eb35
-
SHA256
60b441d7515a3fa87f0387663b465400b36764bc5d56ed3393345da72e6c2559
-
SHA512
b7e929d95cebb94c5687a764171a8c0ca6edf866541182eff3a26f58327c813dcc7fbf4655f5671036321ac39a04c761e128a38dfa5225614f74cc7f0e0f0cac
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
WinX/Group3/03 - Computer Management.lnk
-
Size
1015B
-
MD5
9a97b14f7c8afce0719afa743637b11b
-
SHA1
19c31a264f1710932e0ac3da1fa2f5965efd0422
-
SHA256
202e0982144fd00796349081ae26d95a96523eab7b3adae696ec46dfe1fd56cd
-
SHA512
6a29cf52110e18bac5c4d877cce55a0de017ccb20ceaac847ba5c30f7f76bf51fcc252e636a9a7c991f44385a86dc5712e1d523bc3b08585a7441cfce34c1d2d
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
-
-
Target
WinX/Group3/04 - Disk Management.lnk
-
Size
1015B
-
MD5
c17a68b75f528c05f77d35276ee593d7
-
SHA1
4614ac551118c8f3423d83660c2356ea621e455d
-
SHA256
d3f75300b0fb4b87609cf2259a5ee4dac769918abc70f93bd6b2192ba2efe95b
-
SHA512
9da3337d5de5777b95210ef51831d587bd06a9a29a7a8b22f0aa1e74861449599d2e47ad232e6f707dc1cfa5e14a01cff447d72b950bd3f03fc7d3eadfa3fbf4
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
-
-
Target
WinX/Group3/04-1 - NetworkStatus.lnk
-
Size
1KB
-
MD5
353c6c0e5910988d7280c782e4ce2d42
-
SHA1
9ec28166c807c3a550a5d30f695f906639cb3303
-
SHA256
69c8cc2e411da381d791b6a4b0cd7e776ce4e8db84b5539fb6c9e8d4938600f6
-
SHA512
6048fbfaafa4964dce02b12ade9fd470682f02a2b7f21994c5c9c635da5131c4a4252adbe8e3925bd02b15a2e34facaf0db44cf8816d49915bb2f72482953f3b
Score3/10 -
-
-
Target
WinX/Group3/05 - Device Manager.lnk
-
Size
1KB
-
MD5
3f72e09755a27abf3293f20c512699e5
-
SHA1
cba8433ccdd99437530efadc288392315c1a00a4
-
SHA256
114cea7ba8fa1dd3141d64bb728337e78e4a3de7577d674eed53bab5a9d48b3f
-
SHA512
f9c426700a4cc4b8f55d05a5d119678839d6c1b33568781b9113667cccfa4608e79a4a01dce46b397959f77b4e66b370b0ed75ca8274b0831d3ef1a5069a9387
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
-
-
Target
WinX/Group3/06 - SystemAbout.lnk
-
Size
1KB
-
MD5
bcfdf86ed5e3752aef4afbcbf67b269c
-
SHA1
6a5398577f6058ba2b57a17006a5843f290e8186
-
SHA256
af1632380630da749eee8aec4605e4d01bc9fd1b00e26f549b09b980e19a10e7
-
SHA512
abc6ea6b6f98212eabb306f55a9379912a8e3f204ad0bac2c936b25079a788b5441e71194e7dde1283461cae4303aeeb5d7ba56d9a0a935ceda304d9fc0dd455
Score3/10 -
-
-
Target
WinX/Group3/07 - Event Viewer.lnk
-
Size
1015B
-
MD5
37cef1a4002761c06890417f603c32cf
-
SHA1
828b4a8021faba52a2efce55c56318dbd9c9b2dd
-
SHA256
60e2965c8f44800f649a9555b713e0d703423445f21ecc23bbab148fcba677d5
-
SHA512
274762a0849dbe230b135070a2cc76d9a5b7309be649e480cc89d877ec29fde8a9f4d9ccad51e578dd0d06ba3cc20b6fae94e2d586adad45f01da1ad29ef41d6
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
-
-
Target
WinX/Group3/08 - PowerAndSleep.lnk
-
Size
1KB
-
MD5
c0be3fac635a8226f9c7ccd8cb997018
-
SHA1
6775ae7c8288710dd65631eb29194f9ac602ea89
-
SHA256
00fca23822044ad16f27b693e7b3b7c7ff5a32893b716cc78f77504a5be4f9ef
-
SHA512
07482da050ed627e0a45677be122e51125ab7e9b11d4a0a2bdf198ed13e583d1fc4cd14c0abd17b4485df3dd3379cec8753ba87b8c7ecf6a5e5d43406ace1250
Score3/10 -
-
-
Target
WinX/Group3/09 - Mobility Center.lnk
-
Size
1015B
-
MD5
0119951faf38c936b4a02a5abe830c6b
-
SHA1
485c73b3119c55315484626d345293ff424debd3
-
SHA256
1456cc5ca4883f0853c9eadbefc27fd7e13669387cbf446dc4b5f6a9ca02e53a
-
SHA512
a4198f202e0e155b7ecc37d8f73085b2554f73474cc03726e7188f74932232c02df045054faddbf1f2d6842760703575d625b17a7e4fc80c391b256c1bd4bb91
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-