General
-
Target
506c76b3c72de227d885ad1afdcd15e83748d5c1a40da70829b6498272ccc7b9N
-
Size
293KB
-
Sample
240919-he1a9swbjk
-
MD5
b07fd2093ef9cbf9b591c711e71ec680
-
SHA1
641dcecb17c7a9c9a18efff759257ae95ff174fb
-
SHA256
506c76b3c72de227d885ad1afdcd15e83748d5c1a40da70829b6498272ccc7b9
-
SHA512
6d531a74987a06ebbe1f543e789d654cc48443c5347636ccfb69fba1084e3e48638e0b7aa1742f078a3c37a04cc58736bf17a306ac5b9e80f6be9c3036580e22
-
SSDEEP
6144:g750HizPy7n+g47wSAr2QxMcnpjRBM8Aat6E5PB0beIwa2pX8EIHBZrfxoS4iJM:Diz+n87tArhxVjVAA6aPBwSXrk7rJoS+
Malware Config
Targets
-
-
Target
506c76b3c72de227d885ad1afdcd15e83748d5c1a40da70829b6498272ccc7b9N
-
Size
293KB
-
MD5
b07fd2093ef9cbf9b591c711e71ec680
-
SHA1
641dcecb17c7a9c9a18efff759257ae95ff174fb
-
SHA256
506c76b3c72de227d885ad1afdcd15e83748d5c1a40da70829b6498272ccc7b9
-
SHA512
6d531a74987a06ebbe1f543e789d654cc48443c5347636ccfb69fba1084e3e48638e0b7aa1742f078a3c37a04cc58736bf17a306ac5b9e80f6be9c3036580e22
-
SSDEEP
6144:g750HizPy7n+g47wSAr2QxMcnpjRBM8Aat6E5PB0beIwa2pX8EIHBZrfxoS4iJM:Diz+n87tArhxVjVAA6aPBwSXrk7rJoS+
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3