General
-
Target
0c305aa7e29543ed07b581fb035d44f0N.exe
-
Size
123KB
-
Sample
240905-pn4tda1gme
-
MD5
0c305aa7e29543ed07b581fb035d44f0
-
SHA1
f9297fb44a8ada5202d38845c41f27e9069dff02
-
SHA256
56a0ef6b4418afd3eca2b852c8f0efdace0363f826007b440fb8227952a4068b
-
SHA512
a58baabe33556b7a6918993ddd1736ef876e4c0ecdc75faf693825fc4e5003c5dcc4a9c385e83a40ca4b16d6e9449ede38fbb4527424bbc71b5d004e952b5e07
-
SSDEEP
1536:bW+gAu7KvYjk4p+NLMwL4csFkcUbVuyfjDLYujjX4m4GuDOHXVUUqpJtq9rY+OLT:aqwgG8h+S4y/LYKMXpD2ypjq9rY+O
Malware Config
Targets
-
-
Target
0c305aa7e29543ed07b581fb035d44f0N.exe
-
Size
123KB
-
MD5
0c305aa7e29543ed07b581fb035d44f0
-
SHA1
f9297fb44a8ada5202d38845c41f27e9069dff02
-
SHA256
56a0ef6b4418afd3eca2b852c8f0efdace0363f826007b440fb8227952a4068b
-
SHA512
a58baabe33556b7a6918993ddd1736ef876e4c0ecdc75faf693825fc4e5003c5dcc4a9c385e83a40ca4b16d6e9449ede38fbb4527424bbc71b5d004e952b5e07
-
SSDEEP
1536:bW+gAu7KvYjk4p+NLMwL4csFkcUbVuyfjDLYujjX4m4GuDOHXVUUqpJtq9rY+OLT:aqwgG8h+S4y/LYKMXpD2ypjq9rY+O
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2