General
-
Target
DeluxaRel1.exe
-
Size
388KB
-
Sample
240531-mf8q9afc47
-
MD5
b750576cd4e08f4a9804ca0cce97d127
-
SHA1
5faa5ab2f5df72f587e45420550e656dcfb35aae
-
SHA256
2d0afb9e7e14160e9df637475585fcbcf7494e57abd7cf3c117ac96e4580538d
-
SHA512
41bcdc89f7817a7a345c604ece0c305347f8e90a46e690254be19b0f2d9d1749f560ce302c207c576b536f21e34f4de84a67811760ac12c55b8ea9f27c29b2a4
-
SSDEEP
6144:UQkxoyWV9DSe6VlWT8b9TUTq4+9gp1gObGXKjgxBt25:UQtMPVle8chuTXCgxBt
Static task
static1
Behavioral task
behavioral1
Sample
DeluxaRel1.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
DeluxaRel1.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
Target
DeluxaRel1.exe
Score
10/10
-
Modifies WinLogon for persistence
-
Modifies AppInit DLL entries
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (1)
Scheduled Task/Job (1)