General
-
Target
02b85f76e742a8b641c9958ad308d434
-
Size
286KB
-
Sample
231224-sd9tesbaek
-
MD5
02b85f76e742a8b641c9958ad308d434
-
SHA1
dba8f7fef137c9cbece065a13b9a043a6d4eeed4
-
SHA256
8c6ea1c2182690d78b48d944c7ad3a1752f87f8df56e49de5cc6371db3fd0ce1
-
SHA512
eea52574679d3a31e7eaac9b497a0417a7036dcdb365471b07bdac3577cde44e2860771ee823c53f227b01757ec4d40bec6004d9bd366d773453a008675dda22
-
SSDEEP
6144:6rhoyWGeqkKyOPWV+TJIE2nG3vcGLlEiQ6mFwYZ9QgzZ3foSv:soTKyrWSnG3EGZEkmFwYZRzpoSv
Behavioral task
behavioral1
Sample
02b85f76e742a8b641c9958ad308d434.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
02b85f76e742a8b641c9958ad308d434.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
02b85f76e742a8b641c9958ad308d434
-
Size
286KB
-
MD5
02b85f76e742a8b641c9958ad308d434
-
SHA1
dba8f7fef137c9cbece065a13b9a043a6d4eeed4
-
SHA256
8c6ea1c2182690d78b48d944c7ad3a1752f87f8df56e49de5cc6371db3fd0ce1
-
SHA512
eea52574679d3a31e7eaac9b497a0417a7036dcdb365471b07bdac3577cde44e2860771ee823c53f227b01757ec4d40bec6004d9bd366d773453a008675dda22
-
SSDEEP
6144:6rhoyWGeqkKyOPWV+TJIE2nG3vcGLlEiQ6mFwYZ9QgzZ3foSv:soTKyrWSnG3EGZEkmFwYZRzpoSv
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1