General

  • Target

    57a8c9097c7028deefbb5b1b628d8001dea0a9134d684f4dc0d63f7de678e782

  • Size

    128KB

  • Sample

    221123-lwle8afg91

  • MD5

    d20e0e26842b882571f015846dce7654

  • SHA1

    020b852d40700cbf6c151f8169c7cef8fb9fe263

  • SHA256

    57a8c9097c7028deefbb5b1b628d8001dea0a9134d684f4dc0d63f7de678e782

  • SHA512

    7261c54db52f093be69850c821dedfedf3c2b607b9eefe4bf686c6a966389fa7621463c9ccd4a108cadc31f6d641ca04ad4a565f0648abe11e1779718250e616

  • SSDEEP

    3072:j91MOvFFVxIs2EanGPBXGCPFCW/S7Eoatr1ao0+A6EeOQ2swbij:3xBCUbao08Eev

Malware Config

Targets

    • UAC bypass

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks