General
-
Target
0c8c54fdd4059466eb4867c961d032351642ade27d8f3d79c46caf075394384aN
-
Size
345KB
-
Sample
241004-kfnpzatgll
-
MD5
c9e80445f0a257960d42c65b5a4383b0
-
SHA1
3473ccc4a88c86af20a4a7d8747926f487dc5ee3
-
SHA256
0c8c54fdd4059466eb4867c961d032351642ade27d8f3d79c46caf075394384a
-
SHA512
5c4af77b3f8db27e41682ae955b67257cde878ba6d33c3f50743903a710f600129a85fa9ec13436630df00d1b78b498f923543dfcc933dcc244f0b1c5deb3348
-
SSDEEP
3072:Kg9OBT3Be2Q6khQiCCuefXxzk6iGcbPChEdGZFR2obD4CTvek5WNQp0qYutgxS9I:YeC4EwZFoobUk8qp0qpgogZfpjkNYLb
Malware Config
Targets
-
-
Target
0c8c54fdd4059466eb4867c961d032351642ade27d8f3d79c46caf075394384aN
-
Size
345KB
-
MD5
c9e80445f0a257960d42c65b5a4383b0
-
SHA1
3473ccc4a88c86af20a4a7d8747926f487dc5ee3
-
SHA256
0c8c54fdd4059466eb4867c961d032351642ade27d8f3d79c46caf075394384a
-
SHA512
5c4af77b3f8db27e41682ae955b67257cde878ba6d33c3f50743903a710f600129a85fa9ec13436630df00d1b78b498f923543dfcc933dcc244f0b1c5deb3348
-
SSDEEP
3072:Kg9OBT3Be2Q6khQiCCuefXxzk6iGcbPChEdGZFR2obD4CTvek5WNQp0qYutgxS9I:YeC4EwZFoobUk8qp0qpgogZfpjkNYLb
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-