General
-
Target
d9ad0ed4bc5a64761993e5742b7f80a6b98a3eb13866d830eefe527d56b7b280
-
Size
172KB
-
Sample
241013-egssessclr
-
MD5
836f47db0811046178129bbe3097aa7d
-
SHA1
a63d6916c8e663e80f76c51b389a3c7cec60d49c
-
SHA256
d9ad0ed4bc5a64761993e5742b7f80a6b98a3eb13866d830eefe527d56b7b280
-
SHA512
3f1c1ab2b2f12ed6ee11ebfb983c4a52e96e9598310dc6bb706795442082a5037a4b79d15912bf52e3ac0062483bee6ba0d1446177f142a7888a2343b4029bae
-
SSDEEP
3072:d14mOxrKFNZYhrgtRFuV2DDbuiTf3hPsOraS87FYqjTZbn4TGh:dnYWYhrgtRo6DSiTf3hPswa1TZjxh
Malware Config
Targets
-
-
Target
d9ad0ed4bc5a64761993e5742b7f80a6b98a3eb13866d830eefe527d56b7b280
-
Size
172KB
-
MD5
836f47db0811046178129bbe3097aa7d
-
SHA1
a63d6916c8e663e80f76c51b389a3c7cec60d49c
-
SHA256
d9ad0ed4bc5a64761993e5742b7f80a6b98a3eb13866d830eefe527d56b7b280
-
SHA512
3f1c1ab2b2f12ed6ee11ebfb983c4a52e96e9598310dc6bb706795442082a5037a4b79d15912bf52e3ac0062483bee6ba0d1446177f142a7888a2343b4029bae
-
SSDEEP
3072:d14mOxrKFNZYhrgtRFuV2DDbuiTf3hPsOraS87FYqjTZbn4TGh:dnYWYhrgtRo6DSiTf3hPswa1TZjxh
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Checks for any installed AV software in registry
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
1