General

  • Target

    e1d0d5c0a61b415a6b00ddf4236d9b2d4928deb76e1294525ca102aab7141d3b

  • Size

    4.5MB

  • Sample

    241031-zswnns1rew

  • MD5

    c9d0e07c9cc44205a8d80a16f604ac2c

  • SHA1

    11dec132f9f3489322ddcf4b93e73b20260baf52

  • SHA256

    e1d0d5c0a61b415a6b00ddf4236d9b2d4928deb76e1294525ca102aab7141d3b

  • SHA512

    8569aa26db5b67ce3176f095631d28f6eea040815d70e3f7ba074ef7816cc66fae37ee0e1292c6baf63eb2831314fac39406791bf84298343d38c3b1ee7f810c

  • SSDEEP

    98304:ir3ei7om95WvhmXJTlioZDTLNrTyboYHBJELwq22Dhe/YfSV:ir33r5WZuJTUo9cVhqLwq9Fe/wU

Malware Config

Targets

    • Target

      e1d0d5c0a61b415a6b00ddf4236d9b2d4928deb76e1294525ca102aab7141d3b

    • Size

      4.5MB

    • MD5

      c9d0e07c9cc44205a8d80a16f604ac2c

    • SHA1

      11dec132f9f3489322ddcf4b93e73b20260baf52

    • SHA256

      e1d0d5c0a61b415a6b00ddf4236d9b2d4928deb76e1294525ca102aab7141d3b

    • SHA512

      8569aa26db5b67ce3176f095631d28f6eea040815d70e3f7ba074ef7816cc66fae37ee0e1292c6baf63eb2831314fac39406791bf84298343d38c3b1ee7f810c

    • SSDEEP

      98304:ir3ei7om95WvhmXJTlioZDTLNrTyboYHBJELwq22Dhe/YfSV:ir33r5WZuJTUo9cVhqLwq9Fe/wU

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain countries).

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; checking for it is an analysis-evasion technique.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
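
The behaviours above are the kind of thing a triage analyst confirms by replaying a Process Monitor trace of the sample against a small rule set. The following is an added example for this page, not the sandbox's own signature engine, and the trace it parses is constructed rather than captured from sample 241031-zswnns1rew. The registry keys and folders it matches (the `Run` key, the `Uninstall` key, `EnableLUA`, `HKCU\Software\Wine`, `Control Panel\International\Geo\Nation`, the `FirewallPolicy` key, `System32`, and non-`C:` drive roots) are the standard Windows locations each listed behaviour touches; treat them as assumptions about what the sandbox itself looked at.

```python
"""Replay a Process Monitor CSV export against the behaviour signatures
listed in the report above. Example code added for this page; not the
sandbox's own rules. Registry and file paths are the standard Windows
locations for each behaviour (assumed), and SAMPLE_CSV is constructed."""
import csv
import io
import re

# (signature as the report words it, Process Monitor operations that count,
#  regex over the Path column, optional regex over the Detail column)
RULES = [
    ("Adds Run key to start application", {"RegSetValue"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I), None),
    ("Modifies Windows Firewall", {"RegSetValue", "RegCreateKey"},
     re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I), None),
    ("Checks installed software on the system", {"RegOpenKey", "RegEnumKey", "RegQueryValue"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I), None),
    ("Checks whether UAC is enabled", {"RegQueryValue"},
     re.compile(r"\\Policies\\System\\EnableLUA$", re.I), None),
    ("Identifies Wine through registry keys", {"RegOpenKey", "RegQueryValue"},
     re.compile(r"\\Software\\Wine(\\|$)", re.I), None),
    ("Checks computer location settings", {"RegQueryValue"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I), None),
    # A CreateFile under System32 only counts as a drop when write access is requested.
    ("Drops file in System32 directory", {"CreateFile"},
     re.compile(r"^C:\\Windows\\System32\\[^\\]+$", re.I), re.compile(r"Generic Write|WriteData", re.I)),
    ("Enumerates connected drives", {"CreateFile", "QueryDirectory"},
     re.compile(r"^[D-Z]:\\$", re.I), None),
]


def parse_procmon_csv(text):
    """Parse a Process Monitor CSV export (File > Save, CSV format) into dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def classify(rows):
    """Return {signature: [(process, pid, path), ...]} for every row some rule matches."""
    hits = {}
    for row in rows:
        op, path, detail = row["Operation"], row["Path"], row.get("Detail", "")
        for name, ops, path_re, detail_re in RULES:
            if op not in ops or not path_re.search(path):
                continue
            if detail_re is not None and not detail_re.search(detail):
                continue
            hits.setdefault(name, []).append((row["Process Name"], row["PID"], path))
    return hits


def triage(text, process=None):
    """Sorted list of signatures fired by a trace, optionally for one process name only."""
    rows = parse_procmon_csv(text)
    if process is not None:
        rows = [r for r in rows if r["Process Name"].lower() == process.lower()]
    return sorted(classify(rows))


# Constructed trace in Process Monitor's CSV layout; not a real capture.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.100","sample.exe","4120","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:01:02.104","sample.exe","4120","RegOpenKey","HKCU\Software\Wine","NAME NOT FOUND","Desired Access: Read"
"10:01:02.110","sample.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:01:02.120","sample.exe","4120","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0"
"10:01:02.130","sample.exe","4120","CreateFile","D:\","NAME NOT FOUND","Desired Access: Read Attributes"
"10:01:02.200","sample.exe","4120","CreateFile","C:\Windows\System32\drop.dll","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf"
"10:01:02.250","sample.exe","4120","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\drop","SUCCESS","Type: REG_SZ, Length: 60, Data: C:\Windows\System32\drop.dll"
"10:01:02.300","sample.exe","4120","RegSetValue","HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"10:01:03.000","explorer.exe","1234","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
'''

if __name__ == "__main__":
    for name, events in classify(parse_procmon_csv(SAMPLE_CSV)).items():
        print(name)
        for proc, pid, path in events:
            print(f"    {proc} ({pid}): {path}")
```

Filtering by process name matters in practice: the `explorer.exe` row in the constructed trace touches a `CurrentVersion` key too, and a rule that keyed on that prefix alone would mis-attribute normal shell activity to the sample. Operations are checked as well as paths because a read of the `Run` key is reconnaissance, while a `RegSetValue` under it is the persistence the report flags.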

MITRE ATT&CK Enterprise v15

Tasks