General

  • Target

    02b85f76e742a8b641c9958ad308d434

  • Size

    286KB

  • Sample

    231224-sd9tesbaek

  • MD5

    02b85f76e742a8b641c9958ad308d434

  • SHA1

    dba8f7fef137c9cbece065a13b9a043a6d4eeed4

  • SHA256

    8c6ea1c2182690d78b48d944c7ad3a1752f87f8df56e49de5cc6371db3fd0ce1

  • SHA512

    eea52574679d3a31e7eaac9b497a0417a7036dcdb365471b07bdac3577cde44e2860771ee823c53f227b01757ec4d40bec6004d9bd366d773453a008675dda22

  • SSDEEP

    6144:6rhoyWGeqkKyOPWV+TJIE2nG3vcGLlEiQ6mFwYZ9QgzZ3foSv:soTKyrWSnG3EGZEkmFwYZRzpoSv

Score
10/10

Malware Config

Targets

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks