General
-
Target
9d8133b2138a8f1e1e2035d0b8a82827675d77e6307ccd943f209ca5e7e5ba81
-
Size
2.1MB
-
Sample
241013-bgbmcs1dnd
-
MD5
8e3c20227c45fb59c9a595c3a78448de
-
SHA1
85b16583812a18d1d718222bd423dc0dd92eaddb
-
SHA256
9d8133b2138a8f1e1e2035d0b8a82827675d77e6307ccd943f209ca5e7e5ba81
-
SHA512
30fdcf629c43cc0ed2118a3d4ddb591d803b93e2b54c3451b7f046d662315dd5a0916ec4a22068d423a977e6847b697a8f597b749f7a505dda3b660486f7c9e1
-
SSDEEP
49152:g727d7A7yD7q7yD72747q7yD7A7yD7q7yDD:g65MmD2mD6c2mDMmD2mDD
Malware Config
Targets
-
-
Target
9d8133b2138a8f1e1e2035d0b8a82827675d77e6307ccd943f209ca5e7e5ba81
-
Size
2.1MB
-
MD5
8e3c20227c45fb59c9a595c3a78448de
-
SHA1
85b16583812a18d1d718222bd423dc0dd92eaddb
-
SHA256
9d8133b2138a8f1e1e2035d0b8a82827675d77e6307ccd943f209ca5e7e5ba81
-
SHA512
30fdcf629c43cc0ed2118a3d4ddb591d803b93e2b54c3451b7f046d662315dd5a0916ec4a22068d423a977e6847b697a8f597b749f7a505dda3b660486f7c9e1
-
SSDEEP
49152:g727d7A7yD7q7yD72747q7yD7A7yD7q7yDD:g65MmD2mD6c2mDMmD2mDD
Score10/10-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Safe Mode Boot
1Modify Registry
5