General
-
Target
3c8f6cfa9f10104a5187a1c026df2393
-
Size
68KB
-
Sample
240101-l1w3hsgddl
-
MD5
3c8f6cfa9f10104a5187a1c026df2393
-
SHA1
67bcbe17f9e37c151e9a42ad8a1f357c0a033c51
-
SHA256
9aadd5825124d75c1e4fb4090c0062f8e1b2ad239f606ead39bf483e6eebdcac
-
SHA512
008c1dcdbc4d46820ee8b1fa89f4b94bb5fb3ff79e2f0d72a6fee02c10cffcc73882f3cc991d03c04265e737a780d55817719f5643ec3ef9525ffef2585fc167
-
SSDEEP
768:NjcVhWSr8szyJBXUkyzf0/wuArfYwOM1H2dtcPVON1ykhcTga4yfKbNgzdr5qglD:i4lJBXpd/nArfY3M+Py/Cc3ValvnRCj
Malware Config
Targets
-
-
Target
3c8f6cfa9f10104a5187a1c026df2393
-
Size
68KB
-
MD5
3c8f6cfa9f10104a5187a1c026df2393
-
SHA1
67bcbe17f9e37c151e9a42ad8a1f357c0a033c51
-
SHA256
9aadd5825124d75c1e4fb4090c0062f8e1b2ad239f606ead39bf483e6eebdcac
-
SHA512
008c1dcdbc4d46820ee8b1fa89f4b94bb5fb3ff79e2f0d72a6fee02c10cffcc73882f3cc991d03c04265e737a780d55817719f5643ec3ef9525ffef2585fc167
-
SSDEEP
768:NjcVhWSr8szyJBXUkyzf0/wuArfYwOM1H2dtcPVON1ykhcTga4yfKbNgzdr5qglD:i4lJBXpd/nArfY3M+Py/Cc3ValvnRCj
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1