General
-
Target
c2782a39f926d39bc8956287b18b6458
-
Size
1.2MB
-
Sample
240312-fapymaae66
-
MD5
c2782a39f926d39bc8956287b18b6458
-
SHA1
9a2d787b0e1f0b185d42ba23758288c59dd8bcf8
-
SHA256
453bd25a3bbf0f41ff91e7abe0261ce7c57d87889b37d0a0b938498f4ec5c1da
-
SHA512
dd4094bb548b972bef4c47d891f58c3fe4a2dbb7d6180437545b9b95ba8cc45fa8ddb56c2a97b0bfb364201f850790b7652d484f53961559d46c964bc12cbc9b
-
SSDEEP
12288:VAORj9ujWEfhwtk4S/+JrbiKys3qOJZBSd//KrqFoDLYFPsViq5htc1KUH/Enj2w:JV9GvLJ/gISX57bE4DRCWhU4vKqb
Malware Config
Targets
-
-
Target
c2782a39f926d39bc8956287b18b6458
-
Size
1.2MB
-
MD5
c2782a39f926d39bc8956287b18b6458
-
SHA1
9a2d787b0e1f0b185d42ba23758288c59dd8bcf8
-
SHA256
453bd25a3bbf0f41ff91e7abe0261ce7c57d87889b37d0a0b938498f4ec5c1da
-
SHA512
dd4094bb548b972bef4c47d891f58c3fe4a2dbb7d6180437545b9b95ba8cc45fa8ddb56c2a97b0bfb364201f850790b7652d484f53961559d46c964bc12cbc9b
-
SSDEEP
12288:VAORj9ujWEfhwtk4S/+JrbiKys3qOJZBSd//KrqFoDLYFPsViq5htc1KUH/Enj2w:JV9GvLJ/gISX57bE4DRCWhU4vKqb
Score10/10-
Modifies firewall policy service
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1