General
- Target: dcf5743b9a5220e10a0cbd2c2c771965c9ba05eb6e7e8c33e18f5bd67f26fbc4
- Size: 770KB
- Sample: 231013-2fkrrade7z
- MD5: d643b55e97a20d0f2be2ebbbe22f197d
- SHA1: 3e578901b3e72fed8d09dad92325bfd42730142a
- SHA256: dcf5743b9a5220e10a0cbd2c2c771965c9ba05eb6e7e8c33e18f5bd67f26fbc4
- SHA512: 1b04de81d7dd1caa2a49bc3c1d08c6ec24e39b651e41f2ace9d011d784b682cff3e193b45adcbe2428d2153a28d98004019019bdc80db891682daf53de21a041
- SSDEEP: 24576:O7eit0t9EsyC1XS64DbvYwdzv1n4WwwS6u3sK:O7eimfEsr1X/4wwbn4Wpi
Static task: static1

Behavioral task: behavioral1
- Sample: dcf5743b9a5220e10a0cbd2c2c771965c9ba05eb6e7e8c33e18f5bd67f26fbc4.exe
- Resource: win7-20230831-en

Behavioral task: behavioral2
- Sample: dcf5743b9a5220e10a0cbd2c2c771965c9ba05eb6e7e8c33e18f5bd67f26fbc4.exe
- Resource: win10v2004-20230915-en
Malware Config

Targets
- Target: dcf5743b9a5220e10a0cbd2c2c771965c9ba05eb6e7e8c33e18f5bd67f26fbc4
- Size: 770KB
Score: 8/10
- Downloads MZ/PE file
- Sets file execution options in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)

Defense Evasion
- Modify Registry (3)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)