General
-
Target
a00568cd65498e5d2b73d98969644450N.exe
-
Size
140KB
-
Sample
240905-lpezvsxekm
-
MD5
a00568cd65498e5d2b73d98969644450
-
SHA1
e854c73e50fd5c1c599c6f9a752816b53041a627
-
SHA256
26fc829183c2524cb953e2969f52432022504b43fc54fe153be94dd2050aa436
-
SHA512
0cb8991f67a6d782b97500395f86f51d64dc56d1aca570d86daaa1e27d43654f9525200957222c9aef89065461820296aa9f6554044e59446dacede43df1c502
-
SSDEEP
3072:QaSWX3vu3XuIcN6/xbccM3hDL8fyUha5fJinK:QaD/uuIcNmL08dhaRJiK
Malware Config
Targets
-
-
Target
a00568cd65498e5d2b73d98969644450N.exe
-
Size
140KB
-
MD5
a00568cd65498e5d2b73d98969644450
-
SHA1
e854c73e50fd5c1c599c6f9a752816b53041a627
-
SHA256
26fc829183c2524cb953e2969f52432022504b43fc54fe153be94dd2050aa436
-
SHA512
0cb8991f67a6d782b97500395f86f51d64dc56d1aca570d86daaa1e27d43654f9525200957222c9aef89065461820296aa9f6554044e59446dacede43df1c502
-
SSDEEP
3072:QaSWX3vu3XuIcN6/xbccM3hDL8fyUha5fJinK:QaD/uuIcNmL08dhaRJiK
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2