General
Target: b6f837780700615201a9b4c7fbc54cb2
Size: 1016KB
Sample: 240306-kbzaxaeh8s
MD5: b6f837780700615201a9b4c7fbc54cb2
SHA1: 47f56fdeced03b77a154b84840707a4cbd9091cc
SHA256: b25cc0ecfa1dadaa41c64122b1ba85581bdb8b9d9b7df4857bb921d6d89d7144
SHA512: 376954d52b6df9af292068280e5d8602fa5cc28053385708eb33551f42a267b9c61a577df71332ced36f7944159d9d0955b03e8f8dcf9372b9989a6ba2159991
SSDEEP: 24576:/EAKxM+OHhgIWdPdM5vXyvI/8UjosK++ZlUXPIR1f:dKjOHy+VXyA/8YoBzlUfIR1
Static task: static1
Behavioral task: behavioral1, sample b6f837780700615201a9b4c7fbc54cb2.exe, resource win7-20240215-en
Behavioral task: behavioral2, sample b6f837780700615201a9b4c7fbc54cb2.exe, resource win10v2004-20240226-en
Malware Config
Targets
Target: b6f837780700615201a9b4c7fbc54cb2 (1016KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- Modifies firewall policy service
- Adds policy Run key to start application
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)