General

  • Target

    c75de9eed2e00623cdfa3750ef4429b422cde318756b9ec9ddb9214564a64615N

  • Size

    1.9MB

  • Sample

    241109-n6hheswrfp

  • MD5

    d8777d3fae0457a68c3666f04ade2640

  • SHA1

    bed36718050968d1c208985ae9c4c5d09c298224

  • SHA256

    c75de9eed2e00623cdfa3750ef4429b422cde318756b9ec9ddb9214564a64615

  • SHA512

    52478604cf40ca07948e54ba5bcc85b8d6451de30f36bc2329e1004a92b28bdae94cadf93d579bac3f862b691871ced197ba458798c9640cf836ba89135632eb

  • SSDEEP

    49152:CLIUXQgBiI6i2KFU0yBfM7a9QDosGeo403e0CpcKYGIDlWIwRBOn5PvGYKMf/1Z3:SIUXQgBiI6i2KFU0yBfM7a9QDosGeo46

Malware Config

Targets

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check to restrict execution by region.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks