General

  • Target

    ExpensiveLauncher.exe

  • Size

    223KB

  • Sample

    240609-jt3wdafh4w

  • MD5

    9306fa24e6ea7eb7d1ab03cfa0b878f4

  • SHA1

    922f1908d52a119f92fead836da5a9cdf06dd8c1

  • SHA256

    62e9ed003ddd8c9ab9f4c4e651d93c9e5e7e85c3b09b9e66ce89d9929cad121a

  • SHA512

    df2f85298fd4560e8cc86b373fb7ece4b0e3f06f51250eb0659d46fea9b1dddc906b0435eb5d046f0096e7f85467cec0d0c67a5a1a868f00adff441cf3b21937

  • SSDEEP

    6144:K4Ldel1qLXRnwROVlWHFuA1GFGIO3n1eQU/:K4LdeDqLJwEVlYPMQIOXU1/

Score
10/10

Malware Config

Targets

    • Target

      ExpensiveLauncher.exe

    Score
    10/10

    • Modifies WinLogon for persistence

    • Modifies AppInit DLL entries

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks