General
-
Target
55d113b21fe3fa1dd39a8a191b5505b3
-
Size
100KB
-
Sample
240112-h2g37scda4
-
MD5
55d113b21fe3fa1dd39a8a191b5505b3
-
SHA1
0a47643029a22a3dd129b9d5da041ac81588daf4
-
SHA256
fe3589591b7db5e97ddb00a32c12038bf6c1096de54d9b9c56b94ab7b42e3c57
-
SHA512
fb56795ce846e38de0e65bf2c208775caf2d9b75c1f6ff9293366e04652b7420acfda2a0e36248e768317c482474da6c62446e6f7477529a0cab042f54fd2cd2
-
SSDEEP
1536:nwW8knkx+OoYWj/bWsVXw6dsJFbzmBB0LOO3z/DPuEs+JUfh0Zok4Plnb7bacWg9:nwankv2asVg6uRm0Jj/yPSQLTPlnba
Malware Config
Targets
-
-
Target
55d113b21fe3fa1dd39a8a191b5505b3
-
Size
100KB
-
MD5
55d113b21fe3fa1dd39a8a191b5505b3
-
SHA1
0a47643029a22a3dd129b9d5da041ac81588daf4
-
SHA256
fe3589591b7db5e97ddb00a32c12038bf6c1096de54d9b9c56b94ab7b42e3c57
-
SHA512
fb56795ce846e38de0e65bf2c208775caf2d9b75c1f6ff9293366e04652b7420acfda2a0e36248e768317c482474da6c62446e6f7477529a0cab042f54fd2cd2
-
SSDEEP
1536:nwW8knkx+OoYWj/bWsVXw6dsJFbzmBB0LOO3z/DPuEs+JUfh0Zok4Plnb7bacWg9:nwankv2asVg6uRm0Jj/yPSQLTPlnba
Score8/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1