General

Target: 48e3808d0c51c5905617e4a5d1306b40N
Size: 1.6MB
Sample: 240907-2qd2yszcjq
MD5: 48e3808d0c51c5905617e4a5d1306b40
SHA1: b82514b87b72c6a2882a6f1195ed68a5d9787541
SHA256: 77ef1f711861b36afba95ae9a0abed0e4c82f5817f4ba8d6cf45ea661efd8b50
SHA512: 189b9124d8c518ac6433e91ff20dbac6818520cc171c43cd54f10882039c2685fe1c890b0e7cc00bbc96d11c20490031ad215cf0cf5af828c1b9e8d0d30a35e8
SSDEEP: 12288:avk//qKF76/OXpqSjnTf0clY9uWC+RMpk1OC7HmrWcmbQC5onsYiQ:h1zltpu0iQ
Static task: static1

Behavioral task: behavioral1
Sample: 48e3808d0c51c5905617e4a5d1306b40N.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 48e3808d0c51c5905617e4a5d1306b40N.exe
Resource: win10v2004-20240802-en
Malware Config

Targets

Target: 48e3808d0c51c5905617e4a5d1306b40N
Score: 10/10

Modifies firewall policy service
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1

Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1

Defense Evasion
  Impair Defenses: 1
    Disable or Modify System Firewall: 1
  Modify Registry: 3