General

  • Target

    4c6f4fd8ee358c34dfb02e1d7ed5c4b49863e9360780add0a87dddcc6a3e14af

  • Size

    66KB

  • Sample

    220918-2nzwmsdca7

  • MD5

    34e6dca3eec88abc059b7bf18a717927

  • SHA1

    4a781a72ab32e86da89a914d423d1bfe8af03248

  • SHA256

    4c6f4fd8ee358c34dfb02e1d7ed5c4b49863e9360780add0a87dddcc6a3e14af

  • SHA512

    5a2fcb1ebcdc813f39ec4c14581a8c15f0912e4554d69b11d2143a527e8ed7d9f1a378b56f1756c11092e3f3b3590272a2737196adb6ed30054a031d6e5ccb18

  • SSDEEP

    1536:UAhTyTTFQNC13U4rtnDb4tmJDOVogqb+VjnF0fUlxig8/xVd:ZhT2137DYmJlHbUj9cg8/B

Score
8/10

Malware Config

Targets

    • Target

      4c6f4fd8ee358c34dfb02e1d7ed5c4b49863e9360780add0a87dddcc6a3e14af

    • Executes dropped EXE

    • Possible privilege escalation attempt

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Modifies file permissions

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    File Permissions Modification (T1222): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

Tasks