General
-
Target
a2d188f26f6489960c80249f2d7d4623
-
Size
199KB
-
Sample
240224-1l5hnsfc57
-
MD5
a2d188f26f6489960c80249f2d7d4623
-
SHA1
6a485c320e1563e0c8c5d043b6c31f84b1277a6c
-
SHA256
f0e1231ee4bad22b5b13a3197ab0d7e98cd1cee7e34825722bb4e11f349018c9
-
SHA512
8c6d058bba5efecd05b703521c59544bd4ba2418d4ab622e79e7d857996f58fbcbd90a92f9c8f07988d142a9887775138969af0747c794854732b105a53207f0
-
SSDEEP
3072:9msKGgOkGqHmT76JidYL49Nw/fnQRi6RwhGpVAv6IQ9BiQ:9JqHmTieNwnKh5NZ9b
Malware Config
Targets
-
-
Target
a2d188f26f6489960c80249f2d7d4623
-
Size
199KB
-
MD5
a2d188f26f6489960c80249f2d7d4623
-
SHA1
6a485c320e1563e0c8c5d043b6c31f84b1277a6c
-
SHA256
f0e1231ee4bad22b5b13a3197ab0d7e98cd1cee7e34825722bb4e11f349018c9
-
SHA512
8c6d058bba5efecd05b703521c59544bd4ba2418d4ab622e79e7d857996f58fbcbd90a92f9c8f07988d142a9887775138969af0747c794854732b105a53207f0
-
SSDEEP
3072:9msKGgOkGqHmT76JidYL49Nw/fnQRi6RwhGpVAv6IQ9BiQ:9JqHmTieNwnKh5NZ9b
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1