General
Target: d03b466887d59a3c98ae312c7f317e998a73c7212a78391e859c95bd981c992a
Size: 1.5MB
Sample: 240425-d456laeg51
MD5: 13c291a51303cb5b0d165e16fb16adbf
SHA1: 67770e925c3f03212afdbdf20e84a7de8d682465
SHA256: d03b466887d59a3c98ae312c7f317e998a73c7212a78391e859c95bd981c992a
SHA512: b2064b2ee4bdd4ac1bc8a3b1ba49c3cd359c098100ebf0ffe55566cb920478a806758a536b53b5216e66fdb2207d1df5ca2ff850a4ea23afc3941f81701205d1
SSDEEP: 12288:wHZVm/7ePnv+TWM+6+xTGzgFA+u/x8acJdPACFFbLFi8cj5UQbM72voL:2v+NWu/adRYj5UQO5
Static task: static1
Behavioral task: behavioral1
Sample: d03b466887d59a3c98ae312c7f317e998a73c7212a78391e859c95bd981c992a.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: d03b466887d59a3c98ae312c7f317e998a73c7212a78391e859c95bd981c992a.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: d03b466887d59a3c98ae312c7f317e998a73c7212a78391e859c95bd981c992a (size, MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
Signatures:
- Modifies firewall policy service
- UPX dump on OEP (original entry point)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)