General
-
Target
9a8a3c772c3341b233fabd273cf131d0N.exe
-
Size
3.5MB
-
Sample
240901-hwk8nsvaqk
-
MD5
9a8a3c772c3341b233fabd273cf131d0
-
SHA1
0ba4483b710e832dc2b1867d007087a3ae875195
-
SHA256
a3be4dc48dbe3193c75c2376b6287a48fbe1e4877f27a7abebfe195be756d35c
-
SHA512
3bb80085d4b288de8979b6c467e2024db7713f96b4794e065d1dc16ddc6342fd5bff95bdf7f88210ed24a7870e9491678114a3842e2747dd8dc3dcc89feb9299
-
SSDEEP
49152:Bdx56xYcIcuHcKAH2IgGXikE2I6wdD1weda4NVk4aZ2EqY:Bd6x/IcuHcKAHfnEqwdDioa4NilqY
Static task
static1
Behavioral task
behavioral1
Sample
9a8a3c772c3341b233fabd273cf131d0N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
9a8a3c772c3341b233fabd273cf131d0N.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
9a8a3c772c3341b233fabd273cf131d0N.exe
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Access Token Manipulation (1)
Create Process with Token (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
Access Token Manipulation (1)
Create Process with Token (1)
Modify Registry (2)