General

  • Target

    0126f22cc71f3e2960728717d95e26f66fc47c73497434da740bc76734de49b7.exe

  • Size

    1.7MB

  • Sample

    241107-rrbywatjct

  • MD5

    b0492d9569de9b035c89d90c6eab7974

  • SHA1

    2a5f0677dceb65d7c22645b79ff8f658f77f2365

  • SHA256

    0126f22cc71f3e2960728717d95e26f66fc47c73497434da740bc76734de49b7

  • SHA512

    8eafa9750a2b5b8e2ea2da88858da5a2a7cd09ebb3e3232ecc08a19f2da7efee411cfc0e6a1de16240b0543e7c0ce32303f74c52e2efbe660752dd44e89ec73b

  • SSDEEP

    24576:89SQXgnU56Gt4ULYVI8RGwvrK7/ckFLI78cPn:ssnxU2

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • UAC bypass

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks