General

  • Target

    508ee23e962d7ad66c4a7eaee52f9f59cf49b8560b7817c8cc6606af638960e4N

  • Size

    1.7MB

  • Sample

    241104-f9l11sxnhj

  • MD5

    131efa9eb4b24318b28f753b3536f540

  • SHA1

    f368f6c0e863f82fd5bbf09e80c416b6d92da89f

  • SHA256

    508ee23e962d7ad66c4a7eaee52f9f59cf49b8560b7817c8cc6606af638960e4

  • SHA512

    14797deeac264ecf7fb8d4485073583e99e62f6debf3677446209263bafeaa7b2a9d036fc310cb7ec4384c333eb0c1dab7e2d5d9ae2e2f80d578caf9b987efeb

  • SSDEEP

    24576:89SQXgnU56Gt4ULYVI8RGwvrK7/ckFLI78cPt:ssnxUe

Targets

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • UAC bypass

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
