General
- Target: dcc47d5383834936ee799630cdf5732b
- Size: 11.4MB
- Sample: 240325-aj3m7adf4x
- MD5: dcc47d5383834936ee799630cdf5732b
- SHA1: fae3bc4a97dedb751fd212e64bb0e4ab47922c42
- SHA256: 1717d857205e5a6f9bd9c9b55934152fb8a3882b9580ec5f0898082504c66dbf
- SHA512: ed072ec996c99a4b29d2f909e4b2c1efc29383853b8321b4f641fc7c60f8de723fb6fe8e0fb5e208eab47e67ccd4447164366ed6f11e27b53ad30271ab48d80d
- SSDEEP: 24576:HlxdvCcpOKCtBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBT:HlzOR
Static task
- static1
Behavioral task
- behavioral1
  - Sample: dcc47d5383834936ee799630cdf5732b.exe
  - Resource: win7-20240221-en
Behavioral task
- behavioral2
  - Sample: dcc47d5383834936ee799630cdf5732b.exe
  - Resource: win10v2004-20240226-en
Malware Config
Extracted: tofsee
- defeatwax.ru
- refabyd.info
Targets
- Target: dcc47d5383834936ee799630cdf5732b (same size and hashes as listed under General above)
- Score: 10/10
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)