General

  • Target

    2025c3cc4285795c168876c48bae9c9693ba5fc0520c78318973bad73ef98837N

  • Size

    2.4MB

  • Sample

    241109-qqbfaaxrer

  • MD5

    01046d50612c0123f630747d3afab170

  • SHA1

    fa9a12209dc9bf40389d56977e1164cbdac4a78f

  • SHA256

    2025c3cc4285795c168876c48bae9c9693ba5fc0520c78318973bad73ef98837

  • SHA512

    31496f1995ec719e8ffa13a80125ef2a2720229b314b9ebcaa9cb6edea5bc439ce7adc5043c3497d9d1f893a528ec39526cc91ec263c8522ec58f81a453cc534

  • SSDEEP

    49152:2Ko2gzhGqxIaWeSkKkAQOQ1y7GklXRYxxTttMs+xyPFRwGJnunLp9u0XsA5cl+60:f+zhGqx3WeSkKkAQOQ1y7PlXRYxxTttu

Malware Config

Targets

    • Target

      2025c3cc4285795c168876c48bae9c9693ba5fc0520c78318973bad73ef98837N

    • Size

      2.4MB

    • MD5

      01046d50612c0123f630747d3afab170

    • SHA1

      fa9a12209dc9bf40389d56977e1164cbdac4a78f

    • SHA256

      2025c3cc4285795c168876c48bae9c9693ba5fc0520c78318973bad73ef98837

    • SHA512

      31496f1995ec719e8ffa13a80125ef2a2720229b314b9ebcaa9cb6edea5bc439ce7adc5043c3497d9d1f893a528ec39526cc91ec263c8522ec58f81a453cc534

    • SSDEEP

      49152:2Ko2gzhGqxIaWeSkKkAQOQ1y7GklXRYxxTttMs+xyPFRwGJnunLp9u0XsA5cl+60:f+zhGqx3WeSkKkAQOQ1y7PlXRYxxTttu

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks