General

  • Target

    74161da72b92f3dc29efa72b75dcf86c

  • Size

    19.9MB

  • Sample

    221128-3rbhwscb62

  • MD5

    74161da72b92f3dc29efa72b75dcf86c

  • SHA1

    8490c1331b1c40ce986306d5dda51670f93fd78c

  • SHA256

    6e83d9e27d565709d8ee5980ff30cd4db9f0ffaf57ff81fdcca468556e189ad2

  • SHA512

    ced5b9e9358e9ebeed90d1f65fa994adcc55efb3ec9de1e382e671bd584777733ade7bb309031674797d68b8338cd79873a3e467a831ade9fb8159be96b58c5f

  • SSDEEP

    393216:Dowc0wiNiY5FZqOlRQKihdkdByFFCEJnBdTikjkDAWIjoS1SpyEeqBAClYljKAgA:pXbeOyFFCYBdTikgcWxS1OdeqGCluCAF

Malware Config

Targets

    • Executes dropped EXE

    • Possible privilege escalation attempt

    • Sets file execution options in registry

    • Stops running service(s)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Modifies file permissions

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

MITRE ATT&CK Enterprise v6

Tasks