General

  • Target

    49b2cbb64440101fa6b838082a1ce986fe4bd1869069aef5f83167fad5f456c8

  • Size

    124KB

  • Sample

    221123-lppt3afd2x

  • MD5

    70d24101bbf1b1c0586eda8cb43b0b86

  • SHA1

    05b7f3c58ddee28044006efb66020597a7d52c36

  • SHA256

    49b2cbb64440101fa6b838082a1ce986fe4bd1869069aef5f83167fad5f456c8

  • SHA512

    b2d4f60dd2999d8fa739a89ed08ed2fc9f3946647667d72960c0b0c9a5ca91aa803641d7961372726e6faaeb853ff9b95df1f473afe771ff8a38748364d2e569

  • SSDEEP

    3072:ZlLfBpLN3a1P4eSZWWGNBrGnrKB+3s/s1Ic44g1j0JPuG:TBX24eSjGncrXCSIc

Malware Config

Targets

    • Target

      49b2cbb64440101fa6b838082a1ce986fe4bd1869069aef5f83167fad5f456c8

    • Size

      124KB

    • MD5

      70d24101bbf1b1c0586eda8cb43b0b86

    • SHA1

      05b7f3c58ddee28044006efb66020597a7d52c36

    • SHA256

      49b2cbb64440101fa6b838082a1ce986fe4bd1869069aef5f83167fad5f456c8

    • SHA512

      b2d4f60dd2999d8fa739a89ed08ed2fc9f3946647667d72960c0b0c9a5ca91aa803641d7961372726e6faaeb853ff9b95df1f473afe771ff8a38748364d2e569

    • SSDEEP

      3072:ZlLfBpLN3a1P4eSZWWGNBrGnrKB+3s/s1Ic44g1j0JPuG:TBX24eSjGncrXCSIc

    • UAC bypass

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks