General
Target: messec-multi-farm.exe
Size: 7.2MB
Sample: 240305-1s8hxabe82
MD5: 0a347eaddba7df022b639a4c90730d99
SHA1: d5c190ca5e0fcce2235972d0cfbc1c56b3430835
SHA256: 3745e4e828f924b999e7da5cf9d354aa7e30b097046bb3b666ef699cee98982a
SHA512: 8da81d1f7d72456d24e06d2ce37ad138104cc4dd97c29b9d9448447f2160444864955588934be5efcff0bdcdaa4e9f2c7645235c8f7b821b4d72c0febbb342d6
SSDEEP: 98304:dFqiZdMLQSvE2fItHd4fRkyDT3HYiwQQBp36axKqbC:BZdMLq2SwvXYrQQBR6ax
Static task: static1
Behavioral task: behavioral1
  Sample: messec-multi-farm.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: messec-multi-farm.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
Score: 7/10
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
Adds Run key to start application
Blocklisted process makes network request
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
Defense Evasion
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)