General
-
Target
59062d5df3dc2cc09028e3896c1bf56d
-
Size
772KB
-
Sample
240113-shz5sabcfq
-
MD5
59062d5df3dc2cc09028e3896c1bf56d
-
SHA1
5cef9e055b823929828d2d057e68cebe9e22f20b
-
SHA256
252a19451e03520ea608af9aae0e8e090e7854f631b87cbc6156614be287c41d
-
SHA512
f3b29ee338c82974c6b31a54f4a5d087de3b780c75561217ccbfd49371b641cbdb0bea700180154820a4db2bd7ee1d7de4b6da5ad2f711ed384726be011445d3
-
SSDEEP
12288:wEH4LHsAZ7qGyEQmNBhtbllYOGuRU9aQ0dcz3HEai:wEH4LHaoNBhNYOfdO3E9
Static task
static1
Behavioral task
behavioral1
Sample
59062d5df3dc2cc09028e3896c1bf56d.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
59062d5df3dc2cc09028e3896c1bf56d.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
59062d5df3dc2cc09028e3896c1bf56d
-
Size
772KB
-
MD5
59062d5df3dc2cc09028e3896c1bf56d
-
SHA1
5cef9e055b823929828d2d057e68cebe9e22f20b
-
SHA256
252a19451e03520ea608af9aae0e8e090e7854f631b87cbc6156614be287c41d
-
SHA512
f3b29ee338c82974c6b31a54f4a5d087de3b780c75561217ccbfd49371b641cbdb0bea700180154820a4db2bd7ee1d7de4b6da5ad2f711ed384726be011445d3
-
SSDEEP
12288:wEH4LHsAZ7qGyEQmNBhtbllYOGuRU9aQ0dcz3HEai:wEH4LHaoNBhNYOfdO3E9
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
3Create or Modify System Process
1Windows Service
1