General

  • Target

    db8a2649c146f43ef215dd2cc17a6263

  • Size

    1.5MB

  • Sample

    240321-ns1f3sae75

  • MD5

    db8a2649c146f43ef215dd2cc17a6263

  • SHA1

    f17cf5fd95ffded1b7fdd9731bb74e17bb0f2dbf

  • SHA256

    eafc97251cb5d05feb55a30c32cc4c8e64c974c480d7f0e9f044ecb22169a01c

  • SHA512

    8b006b15e879b5f968b50a35c650d0961b2cd1babf646ec833ed92d78f59b631d36bedfed7d1b0fd5a635c1172c1371ccebb5b4ba31a3c171c4731f32552ecf6

  • SSDEEP

    49152:CZcl2prALpnrFQejcakiRm//sxUZPNOd+KJzdK:5cprepnrqejlkmmnsaUd+KxdK

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check (the sample adjusts its behaviour by region).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer and are loaded into the browser process.

    • Drops file in System32 directory
