General

  • Target

    be6115bebb74a041f68e1837da48e491c7a1c8564c1d64655f178063ae5aeb5e

  • Size

    184KB

  • Sample

    221124-amfylaeg88

  • MD5

    15c27df8a2cbf7b65abbe7ec90a81d77

  • SHA1

    908273bcc612135525a4fd7ca8f17fedfd2d3c96

  • SHA256

    be6115bebb74a041f68e1837da48e491c7a1c8564c1d64655f178063ae5aeb5e

  • SHA512

    a0becae2a13f3a6bce4e1f72d2f2fd4e49588aeaf3a2831ee38263034ebbab172c2df08ade0ed1df0abc5feefbc347961e8d7f52450279d9d1480643ca3d4879

  • SSDEEP

    3072:7K1cfl/BTyzcM+Knvmb7/D263i4qMbBQhAKIWOD2r1oX1/hcNcfAUane4RzsUZSq:kClpTFzKnvmb7/D26y4qMSyKbOD2r1oy

Score
10/10

Targets

    Score
    10/10
    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application
