General
-
Target
𝗞𝗠𝗦𝗣𝗜𝗖𝗢.exe
-
Size
10.9MB
-
Sample
240709-14kwzs1akf
-
MD5
2228c81d196bac623a5b8fcdb65470cf
-
SHA1
2c3acebfd15152e3cdfc90eccb559915d5cb5ced
-
SHA256
0813e7784f2cf3121bc796f2e58c85388068e8c5ec6db5776613755d3735fb02
-
SHA512
bd02ba97506956f23fb268bfc0da2982cf531a1f9d8fbb0fc18152696b9c5cb6150dc3e04c2135089c4d13ed615170bb356aa38f374f515aab52e96cc188ea72
-
SSDEEP
98304:35FDEPMxzxILNcM9ESDHdy6jS7+YKVMUyVKXe0:3NxzxIpSSPui
Static task
static1
Behavioral task
behavioral1
Sample
𝗞𝗠𝗦𝗣𝗜𝗖𝗢.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
𝗞𝗠𝗦𝗣𝗜𝗖𝗢.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
𝗞𝗠𝗦𝗣𝗜𝗖𝗢.exe
Score
8/10
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Image File Execution Options Injection: 1