General

  • Target

    9f59c950fd5557aa45a1e58d7d47b5df58bf9fb78fdc02d3d2b17e86eef53fe4N

  • Size

    282KB

  • Sample

    241109-tklwlsxerh

  • MD5

    43645bfa28dc4e75eeeefdabc86f1d70

  • SHA1

    3c7daba9c6dc40305e5f2991296d84d6bd79d0d0

  • SHA256

    9f59c950fd5557aa45a1e58d7d47b5df58bf9fb78fdc02d3d2b17e86eef53fe4

  • SHA512

    bcc3b3ded9f9d324b73331726858b4225ef12531cfdb4808bc0a22ee91037e915c7caff525ea8222b9fe7978af4018bb996904c1c3ea95265af00101c9bbb206

  • SSDEEP

    6144:1LCj4mVF0imsl6POfE1JPZNBlwkDF5N+oS4CJA:1LquiZyBZN1J5N+oSy

Targets

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
