General
-
Target
4028bb467fc6bec1a1751fa78782dc1a
-
Size
138KB
-
Sample
231225-2d3vjsaeek
-
MD5
4028bb467fc6bec1a1751fa78782dc1a
-
SHA1
4f911cc559dc20dfc454f45264f01a91b852fa24
-
SHA256
e7d41a68329be654e099ddb56d990e492609b7d5b982a1486d6c98a64fd3949f
-
SHA512
cc295113f493c25bbb6d2769d0b867f9316d2b93cbe6e9cd7202c178616674a9d63b96e61a2fb8101af22faa67c508219b4f924a648abdff792335c94c40b492
-
SSDEEP
3072:GQI6oYuHD0TeU4rJRaOPd0BJt3j32P7TYBer+GbHt:xIhHtjdYv+TYsrLbHt
Static task
static1
Behavioral task
behavioral1
Sample
4028bb467fc6bec1a1751fa78782dc1a.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4028bb467fc6bec1a1751fa78782dc1a.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
4028bb467fc6bec1a1751fa78782dc1a
Score
10/10
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)