General

  • Target: 487ee6031e9b7503864be4ee90142c0fa5eca96ce618176462bc704f9a959f4e
  • Size: 522KB
  • Sample: 221127-tme6vaec6y
  • MD5: 5dfd38c632d2e2adae21a4db480d91d3
  • SHA1: 11f1a242b76372d98d89b43ff83ae7ad8590b07b
  • SHA256: 487ee6031e9b7503864be4ee90142c0fa5eca96ce618176462bc704f9a959f4e
  • SHA512: 1a6085f1a6d532dbfa64469a07793d1d917132d2bbd1f832edd90284c8b2aa03ca66d79cfb07307c1b6bc7d281ecd5ab618474b9e9502118245e4efdf9c9ceac
  • SSDEEP: 6144:UiIj/ao9DJKDkLOeO9fvsg0Fw1xf80lBHjkmbATwJzIZ7UdJNU1+jPqA/W9OjVb:Ku6DI8gtBHj9byA87U1K++sm

Score
8/10

Malware Config

Targets

    • Executes dropped EXE
    • Modifies Windows Firewall
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence
  • Modify Existing Service (T1031): 1
  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion
  • Modify Registry (T1112): 1

Discovery
  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 2

Tasks