General
-
Target
1f3c454566c4c961e2268b74eb1728045c206ab928a714af94944671fa3e3640N
-
Size
1.7MB
-
Sample
241004-fx9xbazgna
-
MD5
063ece1460f7fdd1c90f048e0b0b2570
-
SHA1
30c2396c5ff62eb40faa8ab41b0e46034f864e86
-
SHA256
1f3c454566c4c961e2268b74eb1728045c206ab928a714af94944671fa3e3640
-
SHA512
63aa5fc22b82ba2f35f9bcafbd2e49526e1baf563510b54d0f26a1de551d972bd5e59284ec8e51d8704d06844a4e5dee882732a725096aa3a43bbac8dc0583f8
-
SSDEEP
49152:1Djlabwz9PTuFszPzSYzByraGzyZkes+6bo:ZqwxMs33maGres+6k
Malware Config
Targets
-
-
Target
1f3c454566c4c961e2268b74eb1728045c206ab928a714af94944671fa3e3640N
-
Size
1.7MB
-
MD5
063ece1460f7fdd1c90f048e0b0b2570
-
SHA1
30c2396c5ff62eb40faa8ab41b0e46034f864e86
-
SHA256
1f3c454566c4c961e2268b74eb1728045c206ab928a714af94944671fa3e3640
-
SHA512
63aa5fc22b82ba2f35f9bcafbd2e49526e1baf563510b54d0f26a1de551d972bd5e59284ec8e51d8704d06844a4e5dee882732a725096aa3a43bbac8dc0583f8
-
SSDEEP
49152:1Djlabwz9PTuFszPzSYzByraGzyZkes+6bo:ZqwxMs33maGres+6k
Score8/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1