General

  • Target

    b3d81882d0e7c3cb210c0d4dbccfec8c474b93406cd256643ca4bd28599236f8

  • Size

    223KB

  • Sample

    231204-ew4s8sgh82

  • MD5

    3b56ed37bc8b0c07c6f2791cdc5b115a

  • SHA1

    709f7ec5c723a2dc101aba5ff897582a72681985

  • SHA256

    b3d81882d0e7c3cb210c0d4dbccfec8c474b93406cd256643ca4bd28599236f8

  • SHA512

    e81b3e44c1fa0ee0b0eb113e7c3735533d3e1b0dd6d681f9a57af8bf6be7eee1981a1d145a6763082c653d4d06b00cb83551fe60f5599997f5d2ec7f3c03b5fe

  • SSDEEP

    3072:yZ7wXfSRZ0ON/EwW66wN94xu4CkAZJM2k5D66L+NfGbVON2Nqi/6gS5UoWXHz72n:ewPSUONLNsuWA7koN+boRi9S6oiz72D

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks