General

  • Target

    a17f19264514c6e5daac3c6ccba01c13eadc70ca192966d8d7086ded9abee247

  • Size

    532KB

  • Sample

    221010-3zq9bafacm

  • MD5

    69c9d392c349764a7e227ae9267264ff

  • SHA1

    66c9889b47f4f3ecce4f1be74bc7d8e51895f863

  • SHA256

    a17f19264514c6e5daac3c6ccba01c13eadc70ca192966d8d7086ded9abee247

  • SHA512

    4323c8064b853d5968449a2485b3fd7f94ca95038ab6869ae3c02be5d1c57c9be7f9230d025f54d22f28489c98b566fa4a6a00b2b170d29dc84dcee1d1438c72

  • SSDEEP

    6144:9a8YZ8iZn6WmL5jfd2LY83nst0EmcvZ2b9uN1JK5RlEo/:kMWwpiYO8ycB2b9uN1mCo

Malware Config

Targets

    • Target

      a17f19264514c6e5daac3c6ccba01c13eadc70ca192966d8d7086ded9abee247

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • UAC bypass

    • Windows security bypass

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks