General

  • Target

    be5f9409745c8c3853f3c320a1327960_exe32.exe

  • Size

    210KB

  • Sample

    231015-yf2hqagb95

  • MD5

    be5f9409745c8c3853f3c320a1327960

  • SHA1

    5e7269ed49c573dc4b8f3ce637c06dea9d2fff19

  • SHA256

    e03a5fca15621bbb472355fa10771e72cd23c33021c5837aa05646329b3b59e1

  • SHA512

    cd7e4495322b7ace19150355302828a1f9fcba7cc9af561a25fc0244a715ab2d3cdfdd9da0e0304a40175736d12930f14ab791439293473534e8b66534eecee5

  • SSDEEP

    3072:/plLir2bgbHfeEMlUVZ/VGS7rN+kout8GXoYloDkldTGAJOcpQzzQQzUMdc:/pW2bgbbV28okoS1oWMkdlZQ5wQc

Malware Config

Targets

    • Target

      be5f9409745c8c3853f3c320a1327960_exe32.exe

    • UAC bypass

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Modifies file permissions

    • Modifies system executable filetype association

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks