General

  • Target

    cd08587740b4b4abdca894183791a7ce1f572cde72417322087b2aa4646ed534N

  • Size

    1.7MB

  • Sample

    241031-k1qeaswrbq

  • MD5

    abc6d84e87c6cbb86464bdb5b034fa40

  • SHA1

    e5930ff627f98c9f6159eb489f08bd6651573ea3

  • SHA256

    cd08587740b4b4abdca894183791a7ce1f572cde72417322087b2aa4646ed534

  • SHA512

    1f2186332228ec23c993d7812fe2d85d935234929081bbb746e8dcf979d57cf78370836e90106118478ffb91aa2e9c1288f574e16d1275602b77929f8671e173

  • SSDEEP

    24576:89SQXgnU56Gt4ULYVI8RGwvrK7/ckFLI78cPU:ssnxUp

Malware Config

Targets

    • Target

      cd08587740b4b4abdca894183791a7ce1f572cde72417322087b2aa4646ed534N

    • Size

      1.7MB

    • MD5

      abc6d84e87c6cbb86464bdb5b034fa40

    • SHA1

      e5930ff627f98c9f6159eb489f08bd6651573ea3

    • SHA256

      cd08587740b4b4abdca894183791a7ce1f572cde72417322087b2aa4646ed534

    • SHA512

      1f2186332228ec23c993d7812fe2d85d935234929081bbb746e8dcf979d57cf78370836e90106118478ffb91aa2e9c1288f574e16d1275602b77929f8671e173

    • SSDEEP

      24576:89SQXgnU56Gt4ULYVI8RGwvrK7/ckFLI78cPU:ssnxUp

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • UAC bypass

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks