General

  • Target

    5b87c6f4f1f3e64668fdf3adaf30a0f184ee96e9676f36f15fbefb29052b467e

  • Size

    1.1MB

  • Sample

    221123-lp7pwabh94

  • MD5

    c0472277dc8d80ecc9522a9d8fe734a0

  • SHA1

    0047a28f9337e4404afde444919aaf08922c98d5

  • SHA256

    5b87c6f4f1f3e64668fdf3adaf30a0f184ee96e9676f36f15fbefb29052b467e

  • SHA512

    d040424304b431dccb46fb95e853ef318d32b8d0b0046d567860fff243cd3f60d41e6c6742001ed903d46aec681dadf9d05d8dde9d16242254b03444a4eb52e6

  • SSDEEP

    24576:74lavt0LkLL9IMixoEgeaWwmRGgl5bWq9MmCS:Okwkn9IMHeaWwtU5KaPCS
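
The hashes above identify the sample; before detonating or sharing a file it pays to confirm that what you hold is that sample. The following is an added example (not part of the sandbox report and not the sandbox's code): a single-pass multi-digest reader compared against the report's MD5/SHA1/SHA256/SHA512 values, plus a self-consistency check that the report's Target identifier is its SHA256. SSDEEP is left out because it needs a third-party library. The function and variable names are the author's own choices.

```python
import hashlib

# Hash values copied from the report above.
REPORT_TARGET = "5b87c6f4f1f3e64668fdf3adaf30a0f184ee96e9676f36f15fbefb29052b467e"
REPORT_HASHES = {
    "md5": "c0472277dc8d80ecc9522a9d8fe734a0",
    "sha1": "0047a28f9337e4404afde444919aaf08922c98d5",
    "sha256": "5b87c6f4f1f3e64668fdf3adaf30a0f184ee96e9676f36f15fbefb29052b467e",
    "sha512": (
        "d040424304b431dccb46fb95e853ef318d32b8d0b0046d567860fff243cd3f60"
        "d41e6c6742001ed903d46aec681dadf9d05d8dde9d16242254b03444a4eb52e6"
    ),
}


def report_is_consistent():
    """The 'Target' field of this report type is the SHA256; check they agree."""
    return REPORT_TARGET.lower() == REPORT_HASHES["sha256"].lower()


def multi_hash(stream, chunk_size=1 << 20):
    """Feed every chunk of a binary stream to all four hashers in one pass.

    One read of the file, not one per algorithm, which matters for large
    samples kept on slow or remote storage.
    """
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def multi_hash_bytes(data):
    """Convenience wrapper for in-memory data (used for the tests)."""
    import io
    return multi_hash(io.BytesIO(data))


def match_report(digests, expected=REPORT_HASHES):
    """Return the algorithm names whose digest agrees with the report.

    Comparison is case-insensitive because feeds and tools disagree on the
    hex case; anything less than a full match of every algorithm means you
    are not looking at the reported sample.
    """
    return sorted(
        name for name, value in digests.items()
        if expected.get(name, "").lower() == value.lower()
    )


def verify_sample(path):
    """Hash a file on disk and report which of the report's digests it matches."""
    with open(path, "rb") as f:
        digests = multi_hash(f)
    matched = match_report(digests)
    return digests, matched, len(matched) == len(REPORT_HASHES)


if __name__ == "__main__":
    import sys
    digests, matched, ok = verify_sample(sys.argv[1])
    for name, value in digests.items():
        print(f"{name:7s} {value}  {'match' if name in matched else 'MISMATCH'}")
    print("sample verified" if ok else "NOT the reported sample")
```

Run it as `python verify.py <file>`; a partial match (say MD5 agrees but SHA256 does not) should be treated as a mismatch, not as a near-hit.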

Malware Config

Targets

    • Target

      5b87c6f4f1f3e64668fdf3adaf30a0f184ee96e9676f36f15fbefb29052b467e

    • UAC bypass

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

      Rewriting another thread's register context, typically after writing into that process, is the hallmark of process hollowing and thread hijacking.

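
The signatures above are derived by the sandbox from the sample's runtime behaviour. As an added example (not the sandbox's own rules, and not this sample's real trace), the following re-derives six of them from a constructed API/registry trace so the logic behind each label is visible: a dropped file later executed or loaded, a Run-key write, a read of the EnableLUA policy value, a read of the user's Geo\Nation or sCountry setting, and SetThreadContext on a process that earlier received WriteProcessMemory. The trace format (`pid op target`), the event names and the thresholds are assumptions for illustration. "UAC bypass" is not modelled because the report gives no detail of the method used.

```python
import re
from dataclasses import dataclass


@dataclass
class Event:
    pid: int
    op: str
    target: str


# Constructed trace for illustration; not captured from the real sample.
# Format assumed here: "<pid> <operation> <target>", one event per line.
TRACE = """\
1000 WriteFile C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe
1000 WriteFile C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll
1000 RegQueryValue HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA
1000 RegQueryValue HKCU\\Control Panel\\International\\Geo\\Nation
1000 CreateProcess C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe
1204 LoadLibrary C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll
1204 RegSetValue HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
1204 CreateProcess C:\\Windows\\System32\\svchost.exe
1204 WriteProcessMemory 1388
1204 SetThreadContext 1388
1204 ResumeThread 1388
"""

# Registry locations the rules key on (real Windows paths; matching is
# case-insensitive because the registry is).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
UAC_KEY_RE = re.compile(r"\\Policies\\System\\EnableLUA$", re.IGNORECASE)
GEO_KEY_RE = re.compile(
    r"\\Control Panel\\International\\(Geo\\Nation|sCountry)$", re.IGNORECASE
)


def parse_trace(text):
    """Turn the assumed 'pid op target' lines into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, op, target = line.split(" ", 2)
        events.append(Event(int(pid), op, target))
    return events


def signatures(events):
    """Evaluate the toy rules over an ordered event list; return sorted labels."""
    hits = set()
    dropped = set()      # file paths written by any traced process
    written_to = set()   # remote pids that received WriteProcessMemory
    for ev in events:
        target = ev.target.lower()
        if ev.op == "WriteFile":
            dropped.add(target)
        elif ev.op == "CreateProcess" and target in dropped:
            hits.add("Executes dropped EXE")
        elif ev.op == "LoadLibrary" and target in dropped:
            hits.add("Loads dropped DLL")
        elif ev.op == "RegSetValue" and RUN_KEY_RE.search(ev.target):
            hits.add("Adds Run key to start application")
        elif ev.op == "RegQueryValue" and UAC_KEY_RE.search(ev.target):
            hits.add("Checks whether UAC is enabled")
        elif ev.op == "RegQueryValue" and GEO_KEY_RE.search(ev.target):
            hits.add("Checks computer location settings")
        elif ev.op == "WriteProcessMemory" and ev.target.isdigit():
            if int(ev.target) != ev.pid:       # writing into another process
                written_to.add(int(ev.target))
        elif ev.op == "SetThreadContext" and ev.target.isdigit():
            # A context change alone is legitimate (debuggers, SEH setup);
            # it is flagged only when the target process was written to first.
            if int(ev.target) in written_to:
                hits.add("Suspicious use of SetThreadContext")
    return sorted(hits)


def classify(text=TRACE):
    return signatures(parse_trace(text))


if __name__ == "__main__":
    for label in classify():
        print(label)
```

The ordering matters: a rule that fired on SetThreadContext without the preceding WriteProcessMemory would flag every debugger and fibre library, which is why the rule above keeps state across events rather than matching single lines.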
MITRE ATT&CK Enterprise v6

Tasks