General
-
Target
9ac9f207060c28972ede6284137698ce0769e3695c7ad98ab320605d23362305
-
Size
10.6MB
-
Sample
240302-zns2zshg75
-
MD5
e9e5596b42f209cc058b55edc2737a80
-
SHA1
f30232697b3f54e58af08421da697262c99ec48b
-
SHA256
9ac9f207060c28972ede6284137698ce0769e3695c7ad98ab320605d23362305
-
SHA512
e542319beb6f81b493ad80985b5f9c759752887dc3940b77520a3569cd5827de2fcae4c2357b7f9794b382192d4c0b125746df5cf08f206d07b2b473b238d0c7
-
SSDEEP
196608:+ahZ5qN3wvdJBiAv1hXx7jeeDt9/wGoyIu+sTvDmQONhL/LslAVyq8rZyA+TXtT4:+w6NAvPAA/Xx3eeDtTD+GDONhL/AlAV8
Static task
static1
Behavioral task
behavioral1
Sample
9ac9f207060c28972ede6284137698ce0769e3695c7ad98ab320605d23362305.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9ac9f207060c28972ede6284137698ce0769e3695c7ad98ab320605d23362305.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
9ac9f207060c28972ede6284137698ce0769e3695c7ad98ab320605d23362305
-
Size
10.6MB
-
MD5
e9e5596b42f209cc058b55edc2737a80
-
SHA1
f30232697b3f54e58af08421da697262c99ec48b
-
SHA256
9ac9f207060c28972ede6284137698ce0769e3695c7ad98ab320605d23362305
-
SHA512
e542319beb6f81b493ad80985b5f9c759752887dc3940b77520a3569cd5827de2fcae4c2357b7f9794b382192d4c0b125746df5cf08f206d07b2b473b238d0c7
-
SSDEEP
196608:+ahZ5qN3wvdJBiAv1hXx7jeeDt9/wGoyIu+sTvDmQONhL/LslAVyq8rZyA+TXtT4:+w6NAvPAA/Xx3eeDtTD+GDONhL/AlAV8
Score10/10-
Detects executables packed with ConfuserEx Mod
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables use of System Restore points
-
Modifies Windows Firewall
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2