General

  • Target

    0db9a7759652a023c39187c22482eb2c268d3682385b6b2f056735bfdcc0004e

  • Size

    244KB

  • Sample

    221123-xleepsfc92

  • MD5

    442b62ad63c76b465da5b97e21d69cd0

  • SHA1

    b2f19ecc58da3686e53542d49eb5b871b533bf6a

  • SHA256

    0db9a7759652a023c39187c22482eb2c268d3682385b6b2f056735bfdcc0004e

  • SHA512

    1ec24a24133dc93819285d6ef344f1d10c95d3f857d9bc411b8aadca723310468e74154e54a2e339cc2f510c8b1390fb36ceff5d2d741b9d57950f0a7b6bacff

  • SSDEEP

    6144:7IN/tUVMpcE8gKRzl6j13YW7ysRnt4xjCtPCrLudlGU6n5Gd:C1P8gwl6j13YW7ysRnt4xjCCrLudlN6o

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
