General

  • Target

    bf56b2c9ee0f670ede57aa6685570a67388b6ebdb3dd15e93879829204b95391N

  • Size

    1.2MB

  • Sample

    241109-rfj54symem

  • MD5

    21e3cc6048864b054ebbc413dff52da0

  • SHA1

    f2f05391211f08cffa8adc0619cacae138bd4ef1

  • SHA256

    bf56b2c9ee0f670ede57aa6685570a67388b6ebdb3dd15e93879829204b95391

  • SHA512

    3bf1f9f5514273988aaf9c7f98966d1423bf53f6dd4d1fe68620e8c356286bd3c0099434d3c94582107b40a7ae44242ca316d7eb40b5a89f9b536236e378f823

  • SSDEEP

    3072:gRRHyoBg8zJRAxuU+N6ET/d9ArfCS3VT62FQwiDefNbaSBVpMQRQ8imgCQIqi/cC:gRhoxrn/vmrqaTh2uMnuPea4g/Gc

Malware Config

Targets

    • Target

      bf56b2c9ee0f670ede57aa6685570a67388b6ebdb3dd15e93879829204b95391N

    • Size

      1.2MB

    • MD5

      21e3cc6048864b054ebbc413dff52da0

    • SHA1

      f2f05391211f08cffa8adc0619cacae138bd4ef1

    • SHA256

      bf56b2c9ee0f670ede57aa6685570a67388b6ebdb3dd15e93879829204b95391

    • SHA512

      3bf1f9f5514273988aaf9c7f98966d1423bf53f6dd4d1fe68620e8c356286bd3c0099434d3c94582107b40a7ae44242ca316d7eb40b5a89f9b536236e378f823

    • SSDEEP

      3072:gRRHyoBg8zJRAxuU+N6ET/d9ArfCS3VT62FQwiDefNbaSBVpMQRQ8imgCQIqi/cC:gRhoxrn/vmrqaTh2uMnuPea4g/Gc

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of it (UPX is an open-source packer).
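
The behaviour signatures above are the sandbox's summary of what the sample did at run time. The following is an added example, not part of this report and not the sandbox's own rule set: a small classifier that walks a trace of registry and process events and emits the same signature names the report lists. The event format (op|target|k=v,k=v), the sample trace, the registry paths matched (Control Panel\International and Control\Nls for the geofence lookup, Policies\System\EnableLUA for the UAC check, CurrentVersion\Run and RunOnce for persistence, SharedAccess\Parameters\FirewallPolicy and netsh for the firewall policy) and the process-hollowing heuristic (SetThreadContext on a child that was created with CREATE_SUSPENDED) are all assumptions made for illustration; a real sandbox uses richer traces and its own rules.

```python
"""Map sandbox-style events to the behaviour signatures named in the report (illustrative)."""
import re

# Constructed sample trace, NOT real sandbox output. Format: op|target|k=v,k=v
SAMPLE_EVENTS = [
    "RegQueryValue|HKCU\\Control Panel\\International\\Geo\\Nation",
    "RegQueryValue|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA",
    "RegSetValue|HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
    "RegSetValue|HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters"
    "\\FirewallPolicy\\StandardProfile\\EnableFirewall",
    "FileWrite|C:\\Users\\Public\\svchosts.exe",
    "CreateProcess|C:\\Users\\Public\\svchosts.exe|pid=4312,flags=CREATE_SUSPENDED",
    "SetThreadContext||pid=4312",
    "ResumeThread||pid=4312",
    "RegQueryValue|HKCU\\Software\\Classes\\Local Settings\\MuiCache",  # benign noise
]

# Signature names as they appear in the report.
SIG_GEO = "Checks computer location settings"
SIG_UAC = "Checks whether UAC is enabled"
SIG_RUN = "Adds Run key to start application"
SIG_FIREWALL = "Modifies firewall policy service"
SIG_DROPPED = "Executes dropped EXE"
SIG_SETCTX = "Suspicious use of SetThreadContext"

# Assumed registry locations for each check; all matching is on lower-cased paths.
GEO_RE = re.compile(r"\\control panel\\international\\|\\control\\nls\\")
UAC_RE = re.compile(r"\\policies\\system\\enablelua$")
RUN_RE = re.compile(r"\\currentversion\\run(once)?\\[^\\]+$")
FIREWALL_RE = re.compile(r"\\services\\sharedaccess\\parameters\\firewallpolicy\\")


def parse_event(line):
    """Split 'op|target|k=v,k=v' into (op, target, attrs)."""
    fields = line.split("|")
    op = fields[0]
    target = fields[1] if len(fields) > 1 else ""
    attrs = {}
    if len(fields) > 2 and fields[2]:
        for kv in fields[2].split(","):
            key, _, value = kv.partition("=")
            attrs[key] = value
    return op, target, attrs


def classify_events(events):
    """Return {signature name: [evidence, ...]} for every signature the trace triggers."""
    dropped = set()    # lower-cased paths of .exe files the sample wrote itself
    suspended = set()  # pids created with CREATE_SUSPENDED (hollowing precursor)
    hits = {}

    def hit(sig, evidence):
        hits.setdefault(sig, []).append(evidence)

    for line in events:
        op, target, attrs = parse_event(line)
        t = target.lower()
        if op == "RegQueryValue":
            if GEO_RE.search(t):
                hit(SIG_GEO, target)
            elif UAC_RE.search(t):
                hit(SIG_UAC, target)
        elif op == "RegSetValue":
            if RUN_RE.search(t):
                hit(SIG_RUN, target)
            elif FIREWALL_RE.search(t):
                hit(SIG_FIREWALL, target)
        elif op == "FileWrite" and t.endswith(".exe"):
            dropped.add(t)
        elif op == "CreateProcess":
            if t in dropped:
                hit(SIG_DROPPED, target)
            if "create_suspended" in attrs.get("flags", "").lower() and "pid" in attrs:
                suspended.add(attrs["pid"])
            if t.endswith("\\netsh.exe") and "firewall" in attrs.get("cmdline", "").lower():
                hit(SIG_FIREWALL, f"{target} {attrs['cmdline']}")
        elif op == "SetThreadContext":
            pid = attrs.get("pid", "?")
            note = "suspended child, hollowing pattern" if pid in suspended else "live thread"
            hit(SIG_SETCTX, f"pid={pid} ({note})")
    return hits


if __name__ == "__main__":
    for sig, evidence in classify_events(SAMPLE_EVENTS).items():
        print(f"{sig}:")
        for item in evidence:
            print(f"    {item}")
```

The stateful parts matter more than the regexes: "Executes dropped EXE" only fires for a binary the sample itself wrote, and SetThreadContext is graded by whether the target pid was created suspended, which is what separates process hollowing from legitimate debugger use. Note that the report's "Checks computer location settings" is only "likely" a geofence; the trace shows the lookup, not what the sample does with the answer.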

MITRE ATT&CK Enterprise v15

Tasks