General

  • Target

    830e263bd2cb32339586ba47a3f7a7c98dfca64557f701f2bcea1f768fd3e901

  • Size

    12KB

  • Sample

    230129-x8ph7aba27

  • MD5

    2b02f3cc9e5ff3fed55914378bd3e61d

  • SHA1

    5d8798ed6581e09b973d30086dbdf99fac3347bd

  • SHA256

    830e263bd2cb32339586ba47a3f7a7c98dfca64557f701f2bcea1f768fd3e901

  • SHA512

    ddd9691b96a711637f4b429a1ead879a864b7c6c816de4d532a6c0c47fa7ac675bc6cf9f2b9e51c5c534dbb90cd44c4b6bf1faba9ecc75d6efd56e81403d2268

  • SSDEEP

    192:7A+yNB0HHwSgaIVr53eDmiiqGsf0LEG85YcvV1:7AxNGHH8953eDmindf0LEGkYcvV1

Malware Config

Targets

    • Target

      830e263bd2cb32339586ba47a3f7a7c98dfca64557f701f2bcea1f768fd3e901

    • Size

      12KB

    • MD5

      2b02f3cc9e5ff3fed55914378bd3e61d

    • SHA1

      5d8798ed6581e09b973d30086dbdf99fac3347bd

    • SHA256

      830e263bd2cb32339586ba47a3f7a7c98dfca64557f701f2bcea1f768fd3e901

    • SHA512

      ddd9691b96a711637f4b429a1ead879a864b7c6c816de4d532a6c0c47fa7ac675bc6cf9f2b9e51c5c534dbb90cd44c4b6bf1faba9ecc75d6efd56e81403d2268

    • SSDEEP

      192:7A+yNB0HHwSgaIVr53eDmiiqGsf0LEG85YcvV1:7AxNGHH8953eDmindf0LEGkYcvV1

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry (a likely geofence check that gates execution on the victim's locale).

    • Modifies file permissions

    • Adds Run key to start application
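The behaviours listed above are the ones a practitioner would want to confirm in a sandbox trace or on a suspect host. The following is an added example, not part of this report and not code from the sandbox vendor or the sample: it expresses four of the signatures as rules over a constructed API-trace layout (one `field=value|field=value` record per line) and groups hits per process. The registry locations are the standard Windows ones for these behaviours (HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr, HKCU\Control Panel\International\Geo\Nation, HKCU\Software\Microsoft\Windows\CurrentVersion\Run); the trace layout, the API names used as triggers, and the mapping of "Modifies file permissions" to icacls/cacls/takeown invocations are my assumptions. "Possible privilege escalation attempt" is not modelled because the report gives no detail on what triggered it.

```python
"""Rule-based triage of registry/process behaviours from the report above.

Added example (not the report's or sandbox vendor's code). The trace lines are
constructed for illustration; they are not events captured from the sample.
"""
import re
from collections import defaultdict

# Constructed API-trace records (hypothetical layout): one "k=v|k=v" line per call.
SAMPLE_TRACE = """\
api=RegSetValueExW|pid=4120|key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System|value=DisableTaskMgr|data=1
api=RegQueryValueExW|pid=4120|key=HKCU\\Control Panel\\International\\Geo|value=Nation|data=
api=RegSetValueExW|pid=4120|key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|value=WinUpdate|data=C:\\Users\\lab\\AppData\\Roaming\\svchost.exe
api=CreateProcessW|pid=4120|cmdline=icacls "C:\\Users\\lab\\AppData\\Roaming\\svchost.exe" /grant Everyone:F
api=RegSetValueExW|pid=988|key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|value=OneDrive|data=C:\\Users\\lab\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe
api=RegSetValueExW|pid=988|key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System|value=DisableTaskMgr|data=0
"""

# Standard Windows registry locations behind each signature (matched on the key path).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
POLICY_SYSTEM = re.compile(r"\\Policies\\System$", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
# Assumption: "Modifies file permissions" is taken to mean spawning an ACL tool.
ACL_TOOLS = re.compile(r'(^|[\\\s"])(icacls|cacls|takeown)(\.exe)?\b', re.I)


def parse_line(line):
    """Split one 'k=v|k=v' record into a dict; an empty 'data=' becomes ''."""
    fields = {}
    for part in line.rstrip("\n").split("|"):
        k, _, v = part.partition("=")
        fields[k] = v
    return fields


def _nonzero(data):
    """True for a non-zero DWORD rendered as '1', '0x1', etc.; False for '', '0' or junk."""
    try:
        return int(data, 0) != 0
    except ValueError:
        return False


def classify(ev):
    """Return the set of report-style signature names one trace event triggers."""
    hits = set()
    api, key, value, data = (ev.get(f, "") for f in ("api", "key", "value", "data"))
    if api == "RegSetValueExW":
        # Only a non-zero DisableTaskMgr disables Task Manager; writing 0 re-enables it.
        if POLICY_SYSTEM.search(key) and value.lower() == "disabletaskmgr" and _nonzero(data):
            hits.add("Disables Task Manager via registry modification")
        if RUN_KEY.search(key):
            hits.add("Adds Run key to start application")
    elif api == "RegQueryValueExW":
        # A read of the configured country (Nation or its name) is the geofence lookup.
        if GEO_KEY.search(key) and value.lower() in ("nation", "name"):
            hits.add("Checks computer location settings")
    elif api == "CreateProcessW":
        if ACL_TOOLS.search(ev.get("cmdline", "")):
            hits.add("Modifies file permissions")
    return hits


def triage(trace):
    """Map each pid in the trace to the union of signatures its events triggered."""
    per_pid = defaultdict(set)
    for line in trace.splitlines():
        if line.strip():
            ev = parse_line(line)
            per_pid[ev.get("pid", "?")] |= classify(ev)
    return dict(per_pid)


if __name__ == "__main__":
    for pid, sigs in sorted(triage(SAMPLE_TRACE).items()):
        print(pid, sorted(sigs))
```

Running it groups all four signatures under pid 4120, while pid 988 (the constructed benign process) is flagged only for the Run key, since its DisableTaskMgr write sets the value back to 0. Run-key writes by themselves are common for legitimate software, which is why the rule is best read per process alongside the other hits rather than on its own.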

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Registry Run Keys / Startup Folder: T1060 (1 signature)

Defense Evasion

  • File Permissions Modification: T1222 (1 signature)

  • Modify Registry: T1112 (1 signature)

Discovery

  • Query Registry: T1012 (1 signature)

  • System Information Discovery: T1082 (2 signatures)

Tasks