General
Target: bf56b2c9ee0f670ede57aa6685570a67388b6ebdb3dd15e93879829204b95391N
Size: 1.2MB
Sample: 241109-rfj54symem
MD5: 21e3cc6048864b054ebbc413dff52da0
SHA1: f2f05391211f08cffa8adc0619cacae138bd4ef1
SHA256: bf56b2c9ee0f670ede57aa6685570a67388b6ebdb3dd15e93879829204b95391
SHA512: 3bf1f9f5514273988aaf9c7f98966d1423bf53f6dd4d1fe68620e8c356286bd3c0099434d3c94582107b40a7ae44242ca316d7eb40b5a89f9b536236e378f823
SSDEEP: 3072:gRRHyoBg8zJRAxuU+N6ET/d9ArfCS3VT62FQwiDefNbaSBVpMQRQ8imgCQIqi/cC:gRhoxrn/vmrqaTh2uMnuPea4g/Gc
Behavioral task: behavioral1
Sample: bf56b2c9ee0f670ede57aa6685570a67388b6ebdb3dd15e93879829204b95391N.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: bf56b2c9ee0f670ede57aa6685570a67388b6ebdb3dd15e93879829204b95391N.exe
Resource: win10v2004-20241007-en
Malware Config
(no extracted configuration listed)

Targets
Target: bf56b2c9ee0f670ede57aa6685570a67388b6ebdb3dd15e93879829204b95391N
Score: 10/10

Signatures
- Modifies firewall policy service
- Checks computer location settings: looks up the country code configured in the registry, likely geofencing.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15 (technique, count of matching events)

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (3)