General
-
Target
79534d06d99f1483c3d47515fb7fb150N.exe
-
Size
1.8MB
-
Sample
240727-bqpwcaxfjr
-
MD5
79534d06d99f1483c3d47515fb7fb150
-
SHA1
246463a688603fe18a871eb003299a0553b6beb4
-
SHA256
e53c9ef16e478d900bdcfb2ee2bdc909601cb711085cf2a8ea563e56b7a669c7
-
SHA512
2ddddc81c2d0f527752be826a791db50a6715c5889c7965da953cfe7102b2860ed3409e6e239b67a835f5c7b3f3e37cfbce1aa4a23c7f7ec67d76876421a8e15
-
SSDEEP
49152:bVA4fBDGeLp63a3/cKgzR/iJdIwQZFJD68dGYWPbmnq0G2SImeGf0g+gS6ZI8u4k:bVA4fBDGeLp6K3/cKgzR/iJdIwQZFJD3
Malware Config
Targets
-
-
Target
79534d06d99f1483c3d47515fb7fb150N.exe
-
Size
1.8MB
-
MD5
79534d06d99f1483c3d47515fb7fb150
-
SHA1
246463a688603fe18a871eb003299a0553b6beb4
-
SHA256
e53c9ef16e478d900bdcfb2ee2bdc909601cb711085cf2a8ea563e56b7a669c7
-
SHA512
2ddddc81c2d0f527752be826a791db50a6715c5889c7965da953cfe7102b2860ed3409e6e239b67a835f5c7b3f3e37cfbce1aa4a23c7f7ec67d76876421a8e15
-
SSDEEP
49152:bVA4fBDGeLp63a3/cKgzR/iJdIwQZFJD68dGYWPbmnq0G2SImeGf0g+gS6ZI8u4k:bVA4fBDGeLp6K3/cKgzR/iJdIwQZFJD3
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
3Impair Defenses
1Disable or Modify System Firewall
1