General

  • Target

    510d75e1be293b07649e87815f9fe515d17dcb6d1e4889da9331b0446e7ad31a

  • Size

    1.7MB

  • Sample

    240525-1gfzhsbg58

  • MD5

    13eddc202706c4a91ace14a1de0a7384

  • SHA1

    e12a0cf8df25f1517d1232914b29d6487f9a0069

  • SHA256

    510d75e1be293b07649e87815f9fe515d17dcb6d1e4889da9331b0446e7ad31a

  • SHA512

    2287e6831e4dfde8cabe0bc9295a84c954161534d7098db46ef3b74f7ae6b04f55f481b908b9dbb4732b65e4954cc7ede09045a8aef8cb96e7e5bfaa65f6200f

  • SSDEEP

    12288:Y6sg9q8utL6R91NNaUfViptH0D9wvT1xkZTWbq6Pknm2N5kv7Z62J5ugQ8cY47Op:YyG6RGjv7biFpVUJ

Score
10/10

Malware Config

Targets

    • Modifies firewall policy service

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks