General

  • Target

    2e942eab2c5befacb890b69e79044057.exe

  • Size

    48KB

  • Sample

    240927-pbyftsthqa

  • MD5

    2e942eab2c5befacb890b69e79044057

  • SHA1

    4d920e9e3b579ecff2169e245349ff04cee06a91

  • SHA256

    d1347d9e940bd05c1e34f37c9c716314b88fe6edd243719307df79dbaaedebfd

  • SHA512

    32393b0f360b6abb0e8fcfb5884a92225d3bbcfa0cd62eba8740f3681d08dc1fb240942c8ce928de857506f417198a1c9730f2b48c4c97c021e75275ec12ae1f

  • SSDEEP

    768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67hhPC:Ub1MsHz3JDwhyWr+N95OTga6C

Targets

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a Windows Service

    • Drops file in System32 directory
