General

  • Target

    59062d5df3dc2cc09028e3896c1bf56d

  • Size

    772KB

  • Sample

    240113-shz5sabcfq

  • MD5

    59062d5df3dc2cc09028e3896c1bf56d

  • SHA1

    5cef9e055b823929828d2d057e68cebe9e22f20b

  • SHA256

    252a19451e03520ea608af9aae0e8e090e7854f631b87cbc6156614be287c41d

  • SHA512

    f3b29ee338c82974c6b31a54f4a5d087de3b780c75561217ccbfd49371b641cbdb0bea700180154820a4db2bd7ee1d7de4b6da5ad2f711ed384726be011445d3

  • SSDEEP

    12288:wEH4LHsAZ7qGyEQmNBhtbllYOGuRU9aQ0dcz3HEai:wEH4LHaoNBhNYOfdO3E9

Score
10/10

Malware Config

Targets

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks