General
-
Target
c3ded783475ca7c7987b22821f13ca31
-
Size
1.3MB
-
Sample
240312-vd8bpsga88
-
MD5
c3ded783475ca7c7987b22821f13ca31
-
SHA1
de4a651f80f5351f48e717e614958c114f11dd21
-
SHA256
1efe6335a6aec48eceb1dd1b1e88f9872fb5e937efba9687787cddd919e27cbf
-
SHA512
81091ffffed1a9a55adfe583b3bc064ed7751e5268baeaad4ccc814606e6f83fcfd1674b90eb4b58d7b13714b5b9c5824d86fbb5d66dda7610757459b4d9d0c7
-
SSDEEP
24576:CE3UdfxKtinU/gwsHhviv6/0f1xovPfyy4QaNDu3BgZBqFZFU3tyib5l9+:CzdpuOUcP/0Dovyy4/cSZCrIxb5l9+
Static task
static1
Behavioral task
behavioral1
Sample
c3ded783475ca7c7987b22821f13ca31.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c3ded783475ca7c7987b22821f13ca31.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)