General
-
Target
3a80092ea472b92439e0c6ded4af5af65d1eafc43462449ec4c6ca46281d83e8
-
Size
783KB
-
Sample
240909-vz4kmssemd
-
MD5
dfe97db425caa43e73f3bff1096cb564
-
SHA1
2012c51ca11a50b15e994c859e891c09faf27a32
-
SHA256
3a80092ea472b92439e0c6ded4af5af65d1eafc43462449ec4c6ca46281d83e8
-
SHA512
02f24ebc77b97b997f5576b22ab149b6c17a723b2ff0dbf261c1780695ad9de7cc05526f0c1035a4f919c65cbe568b810a2dc9b53382d8e6d2d308b88fd0401c
-
SSDEEP
12288:C761wOyrC4dtJHekiIPlHB1GzVoFB6UCBmdquf0qyoOCJUp+1EwOjo4snLM9TxBu:C7M1iJHJT1DGh9idqu8HoHUp+JUsLau
Malware Config
Targets
-
-
Target
3a80092ea472b92439e0c6ded4af5af65d1eafc43462449ec4c6ca46281d83e8
-
Size
783KB
-
MD5
dfe97db425caa43e73f3bff1096cb564
-
SHA1
2012c51ca11a50b15e994c859e891c09faf27a32
-
SHA256
3a80092ea472b92439e0c6ded4af5af65d1eafc43462449ec4c6ca46281d83e8
-
SHA512
02f24ebc77b97b997f5576b22ab149b6c17a723b2ff0dbf261c1780695ad9de7cc05526f0c1035a4f919c65cbe568b810a2dc9b53382d8e6d2d308b88fd0401c
-
SSDEEP
12288:C761wOyrC4dtJHekiIPlHB1GzVoFB6UCBmdquf0qyoOCJUp+1EwOjo4snLM9TxBu:C7M1iJHJT1DGh9idqu8HoHUp+JUsLau
Score8/10-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Event Triggered Execution
1Image File Execution Options Injection
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1