General

  • Target

    2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d.exe

  • Size

    88KB

  • Sample

    240613-sasqqsxfmn

  • MD5

    759f5a6e3daa4972d43bd4a5edbdeb11

  • SHA1

    36f2ac66b894e4a695f983f3214aace56ffbe2ba

  • SHA256

    2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d

  • SHA512

    f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385

  • SSDEEP

    1536:D7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf+xB4O5:fq6+ouCpk2mpcWJ0r+QNTBf+LV

Malware Config

Targets

    • Target

      2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d.exe

    • Size

      88KB

    • MD5

      759f5a6e3daa4972d43bd4a5edbdeb11

    • SHA1

      36f2ac66b894e4a695f983f3214aace56ffbe2ba

    • SHA256

      2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d

    • SHA512

      f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385

    • SSDEEP

      1536:D7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf+xB4O5:fq6+ouCpk2mpcWJ0r+QNTBf+LV

    • UAC bypass

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix ATT&CK v13

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Scheduled Task/Job

1
T1053

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

2
T1112

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Tasks