General
-
Target
3879acb8bea89bdfb25c50b618eb02f0N.exe
-
Size
285KB
-
Sample
240816-1t4lcazbmc
-
MD5
3879acb8bea89bdfb25c50b618eb02f0
-
SHA1
8144aa985aeddff53c1da045de2f303d0cfb872f
-
SHA256
fbc838bfab48bcbac02f69d63ec8aec9647bdd8f260015157a62c48cf83f6300
-
SHA512
c789be8dd602d002cab550b37301454ed6a1eed0b6144c61f6789b2478081b56210ad3373aad9c62f03be8221816b5b7f74a849f46bbb5455a0414afe729802e
-
SSDEEP
6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHL1:NBaBnmtOwq/+1MkU68raJRHua8G9LcoL
Malware Config
Targets
-
-
Target
3879acb8bea89bdfb25c50b618eb02f0N.exe
-
Size
285KB
-
MD5
3879acb8bea89bdfb25c50b618eb02f0
-
SHA1
8144aa985aeddff53c1da045de2f303d0cfb872f
-
SHA256
fbc838bfab48bcbac02f69d63ec8aec9647bdd8f260015157a62c48cf83f6300
-
SHA512
c789be8dd602d002cab550b37301454ed6a1eed0b6144c61f6789b2478081b56210ad3373aad9c62f03be8221816b5b7f74a849f46bbb5455a0414afe729802e
-
SSDEEP
6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHL1:NBaBnmtOwq/+1MkU68raJRHua8G9LcoL
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3