General

  • Target

    cc124e1b81c4e10d1fd972601315975d1a5a35ca54265e4ddafe14592bd993ca

  • Size

    65KB

  • Sample

    221206-r3ya9aga22

  • MD5

    19d88235a435a3f2199eabfe427e9c48

  • SHA1

    ea5e8bb360e1d371fd9a858beb0b7b4a22b3af68

  • SHA256

    cc124e1b81c4e10d1fd972601315975d1a5a35ca54265e4ddafe14592bd993ca

  • SHA512

    2647df1c45e6e60a86963cb00194c712231d7ef2d0a56adf538b00ccdaa79440c7aa08119ce99d2c3f9eb381a4090b4b18f0a09db1584182756addc93b90df3e

  • SSDEEP

    1536:8RkN4xKr7TVkSzODZIC4o91zxeqjD/vaGv9MCNp0nhz:2kCKrFk2C4o91zxP3aGvRNChz

Score
10/10

Malware Config

Targets

    Score
    10/10
    • Modifies visibility of hidden/system files in Explorer

    • Disables use of System Restore points

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks