General
Target: e179cf7c48696574110f74f0d1343d0e
Size: 10.2MB
Sample: 240327-mswbpade41
MD5: e179cf7c48696574110f74f0d1343d0e
SHA1: a6be3a913c9000446aa2e4bb72bd8d4d82bedc24
SHA256: 91fe783738efad80d5cc28a8762971ffe03f9c3559bd5326b8132a1f96a0d278
SHA512: ff23a058bb8d995f00f965eb6e8df3bdefb22bbfad08d4d2061e46c99bfc5b9c03f835b68fb44d081f2bb21b0d77fd0693e6eaa874860968447a171d12081245
SSDEEP: 24576:EUqa71YB5DHlommmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmW:EF15
Tasks
Static task: static1
Behavioral task: behavioral1 (sample e179cf7c48696574110f74f0d1343d0e.exe, resource win7-20240221-en)
Behavioral task: behavioral2 (sample e179cf7c48696574110f74f0d1343d0e.exe, resource win10v2004-20231215-en)
Malware Config
Extracted family: tofsee
Extracted domains: defeatwax.ru, refabyd.info
Targets
Target: e179cf7c48696574110f74f0d1343d0e (10.2MB; hashes identical to those listed under General)
Score: 10/10
Signatures
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext (an API call typically associated with injecting code into a suspended process)
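As an added example (not part of this report or of the sandbox's own tooling), the following Python turns the report's indicators into a small hunt over endpoint telemetry: it matches DNS queries against the two extracted Tofsee domains (treated here as C2 domains, including any subdomains), flags service-install events whose image path points somewhere a legitimate service rarely lives (the "creates new service" / "sets service image path" behaviour above), and compares a file's digests with the reported MD5 and SHA256. The key=value log shape, the field names, the event 7045 layout, the path heuristic and every sample log line are constructed assumptions, not data from the report.

```python
"""Hunt helper built from the Tofsee sandbox report indicators (added example)."""
import hashlib
import re

# Indicators taken verbatim from the report.
SAMPLE_MD5 = "e179cf7c48696574110f74f0d1343d0e"
SAMPLE_SHA256 = "91fe783738efad80d5cc28a8762971ffe03f9c3559bd5326b8132a1f96a0d278"
TOFSEE_C2_DOMAINS = frozenset({"defeatwax.ru", "refabyd.info"})

# Constructed sample telemetry (assumed key=value shape; not real logs).
SAMPLE_DNS_LOG = """\
ts=2024-03-27T10:01:02Z host=WS01 query=www.example.com type=A
ts=2024-03-27T10:01:09Z host=WS01 query=defeatwax.ru type=A
ts=2024-03-27T10:01:10Z host=WS07 query=mail.refabyd.info type=MX
ts=2024-03-27T10:02:00Z host=WS07 query=updates.microsoft.com type=A
"""

# Constructed service-install events (Windows System log event 7045 shape assumed).
SAMPLE_SERVICE_EVENTS = """\
ts=2024-03-27T10:01:05Z host=WS01 event_id=7045 service=Spooler image_path="C:\\Windows\\System32\\spoolsv.exe"
ts=2024-03-27T10:01:06Z host=WS01 event_id=7045 service=fhwkbtq image_path="C:\\Windows\\gdwskqe.exe"
ts=2024-03-27T10:01:07Z host=WS07 event_id=7045 service=xkzdpre image_path="C:\\Users\\bob\\AppData\\Local\\Temp\\abc.exe"
"""

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(line):
    """Parse one 'key=value key="quoted value"' line into a dict (assumed log shape)."""
    return {key: (quoted or bare) for key, quoted, bare in KV_RE.findall(line)}


def domain_matches(query, domains=TOFSEE_C2_DOMAINS):
    """True if the queried name is a listed domain or a subdomain of one."""
    name = query.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)


def find_c2_lookups(dns_log):
    """Return (host, query) pairs for every DNS query that hits a listed domain."""
    hits = []
    for line in dns_log.splitlines():
        rec = parse_kv(line)
        if rec.get("query") and domain_matches(rec["query"]):
            hits.append((rec.get("host"), rec["query"]))
    return hits


# Heuristic (an assumption, not from the report): service binaries under a user
# profile, ProgramData, Windows\Temp, or dropped directly into C:\Windows\ are
# unusual for legitimate services and worth a look.
SUSPICIOUS_PATH_RE = re.compile(
    r"^(?:[a-z]:\\users\\|[a-z]:\\programdata\\|[a-z]:\\windows\\temp\\|"
    r"[a-z]:\\windows\\[^\\]+\.exe$)",
    re.IGNORECASE,
)


def find_suspicious_services(event_log):
    """Return (host, service, image_path) for 7045 events with an odd image path."""
    hits = []
    for line in event_log.splitlines():
        rec = parse_kv(line)
        if rec.get("event_id") != "7045":
            continue
        path = rec.get("image_path", "")
        if SUSPICIOUS_PATH_RE.search(path):
            hits.append((rec.get("host"), rec.get("service"), path))
    return hits


def is_reported_sample(data):
    """True only if both the MD5 and SHA256 of data equal the report's hashes."""
    return (hashlib.md5(data).hexdigest() == SAMPLE_MD5
            and hashlib.sha256(data).hexdigest() == SAMPLE_SHA256)


if __name__ == "__main__":
    for host, query in find_c2_lookups(SAMPLE_DNS_LOG):
        print(f"C2 lookup: {host} -> {query}")
    for host, service, path in find_suspicious_services(SAMPLE_SERVICE_EVENTS):
        print(f"suspicious service: {host} {service} {path}")
    print("hash match on junk bytes:", is_reported_sample(b"not the sample"))
```

Matching on subdomains matters because the report only gives apex names; a sinkhole or resolver log will usually show whatever label the malware prefixed. The path heuristic is deliberately narrow so it does not fire on System32 services; widen it to your own environment's baseline before using it for alerting.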
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)