General
-
Target
93cb7b35916302945f838f993c0e667e4ac9eed022088b4b300b3ad8e4ee7a71
-
Size
285KB
-
Sample
240420-am7fjscb91
-
MD5
3895caf857ac1d86b5dea73b778e92d2
-
SHA1
c7ba457f4df341aa69ea3a16a5f31011fd9081c4
-
SHA256
93cb7b35916302945f838f993c0e667e4ac9eed022088b4b300b3ad8e4ee7a71
-
SHA512
847fdea019f2291b78e5c820e106cbb45234a0310aa15ea952fd2dd4bbfcde71abbe24b2ed0c4aeaee8a8332ffdd1d2d271fc27fcbf2d79376a13bc1f7e472f4
-
SSDEEP
6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHL1:NBaBnmtOwq/+1MkU68raJRHua8G9LcoH
Malware Config
Targets
-
-
Target
93cb7b35916302945f838f993c0e667e4ac9eed022088b4b300b3ad8e4ee7a71
-
Size
285KB
-
MD5
3895caf857ac1d86b5dea73b778e92d2
-
SHA1
c7ba457f4df341aa69ea3a16a5f31011fd9081c4
-
SHA256
93cb7b35916302945f838f993c0e667e4ac9eed022088b4b300b3ad8e4ee7a71
-
SHA512
847fdea019f2291b78e5c820e106cbb45234a0310aa15ea952fd2dd4bbfcde71abbe24b2ed0c4aeaee8a8332ffdd1d2d271fc27fcbf2d79376a13bc1f7e472f4
-
SSDEEP
6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHL1:NBaBnmtOwq/+1MkU68raJRHua8G9LcoH
Score10/10-
Modifies firewall policy service
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1