General

  • Target

    6ef111387435ccbe22ffa93460e242ca9f09e0714a54cb5ba1b64bae3dccbc46

  • Size

    1.1MB

  • Sample

    220520-d3csnaaehr

  • MD5

    bac1ea7fc68e0b48245bf53996623233

  • SHA1

    3c9f2185b326fccca3c54ca7c5c4f588ecb95863

  • SHA256

    6ef111387435ccbe22ffa93460e242ca9f09e0714a54cb5ba1b64bae3dccbc46

  • SHA512

    7b7a9d2ce649ef6833ca287b20568abcebd51e70273f5eff61f227e2cc50677ffc74d4246695b09eb6e12728a36d36c061826aeae3160b016babf8254f998dbc

Malware Config

Targets

    • Target

      6ef111387435ccbe22ffa93460e242ca9f09e0714a54cb5ba1b64bae3dccbc46

    • Size

      1.1MB

    • MD5

      bac1ea7fc68e0b48245bf53996623233

    • SHA1

      3c9f2185b326fccca3c54ca7c5c4f588ecb95863

    • SHA256

      6ef111387435ccbe22ffa93460e242ca9f09e0714a54cb5ba1b64bae3dccbc46

    • SHA512

      7b7a9d2ce649ef6833ca287b20568abcebd51e70273f5eff61f227e2cc50677ffc74d4246695b09eb6e12728a36d36c061826aeae3160b016babf8254f998dbc

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Browser Extensions

1
T1176

Defense Evasion

Modify Registry

2
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Tasks