General
-
Target
58b10193041261d1459fc7a38e4f7182
-
Size
63KB
-
Sample
240113-mh3ysagebp
-
MD5
58b10193041261d1459fc7a38e4f7182
-
SHA1
697a818590fb22c5f050bc6fe2e09bcd9b2c533d
-
SHA256
69bc33a4aec01f84eeee4bcccf312cc8ebfd7a4e5164f0d5a88279a9b16d6f58
-
SHA512
5d8c5622ab866c0fc7e806f7599c994897802bcc9158d3aa80f678777a1c030d2a5aaec475869fc493edf8ec1225979f68c3ba25aa71814534c7b0e7798628f6
-
SSDEEP
1536:on1bEkVY3D3+RyK/vpKl/WYEQxirnHZi0svY1Jnpv/mu:mbEm8DukK/vgc6QH2g/r
Malware Config
Targets
-
-
Target
58b10193041261d1459fc7a38e4f7182
-
Size
63KB
-
MD5
58b10193041261d1459fc7a38e4f7182
-
SHA1
697a818590fb22c5f050bc6fe2e09bcd9b2c533d
-
SHA256
69bc33a4aec01f84eeee4bcccf312cc8ebfd7a4e5164f0d5a88279a9b16d6f58
-
SHA512
5d8c5622ab866c0fc7e806f7599c994897802bcc9158d3aa80f678777a1c030d2a5aaec475869fc493edf8ec1225979f68c3ba25aa71814534c7b0e7798628f6
-
SSDEEP
1536:on1bEkVY3D3+RyK/vpKl/WYEQxirnHZi0svY1Jnpv/mu:mbEm8DukK/vgc6QH2g/r
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1