General

  • Target

    74803c97b5e6054b511e635cbfd39141

  • Size

    460KB

  • Sample

    231226-rf7w6sdbhk

  • MD5

    74803c97b5e6054b511e635cbfd39141

  • SHA1

    416bf634b6783737e54c11d82fcd48533a3307de

  • SHA256

    5be35a8bdb8e5f368f3a4637b23cfc7434fc422af605b87d36c01ff6c9bf76b6

  • SHA512

    36ba2d1e751ead945c2c49a5f921f8e407f556c190cbe38ff6f4841536587cc47336f252adfb410eb678349305586fd6047e7c2fb3698c503452d15fd3832968

  • SSDEEP

    12288:OlSt6oIHNOhU5O5TYo4XqTig5GSR9CClDDL:OlSt69HNx6T/5xT

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks