General

  • Target

    6cea3b83c4ce364865d34eef1bbb4c08d42acfa94a871b25fb6f05685c741be7

  • Size

    728KB

  • Sample

    221201-d4c5taed9y

  • MD5

    2799fa8954b1c828615767c47141d559

  • SHA1

    12ea7159dbf19a50c4fbee71697d652a2fc618c9

  • SHA256

    6cea3b83c4ce364865d34eef1bbb4c08d42acfa94a871b25fb6f05685c741be7

  • SHA512

    b7a3b0092cbb9014ed7f8257f33eec61221dce660c34d3929e863dbed205ebfeb1276aa568aa7545e0c6e7e890a379c7ceaeed681e57869ee44e0793fb6d6b82

  • SSDEEP

    12288:MaP0UExE1TZZwLFHWw/YAwg8Roam2W64m7ZRYq+TDbr8rtJ:MLUEiTbqFHypg1amR64rpnQrtJ

Score
10/10

Malware Config

Targets

    • Modifies firewall policy service

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks