General
Target: dcb3f47c6c5999e1d7bcd6ee3c1c4374f8b7146decc0efd143b6f2c3f295b04fN
Size: 2.4MB
Sample: 241110-ba9wksvpbv
MD5: 7643b277c8e13650de632542bcb4d9b0
SHA1: 5e1119e09d6e4a8ce831b340062d1285953645a3
SHA256: dcb3f47c6c5999e1d7bcd6ee3c1c4374f8b7146decc0efd143b6f2c3f295b04f
SHA512: cf1c46bfd7d178b91782014b58788279196375727604739eb1703f54449fb53f7cf05dc38fa5da732d7b243a8614a4051a93b43d3f80ee30a859aa92af46b143
SSDEEP: 49152:2Ko2gzhGqxIaWeSkKkAQOQ1y7GklXRYxxTttMs+xyPFRwGJnunLp9u0XsA5cl+6N:f+zhGqx3WeSkKkAQOQ1y7PlXRYxxTttH
Behavioral task: behavioral1
Sample: dcb3f47c6c5999e1d7bcd6ee3c1c4374f8b7146decc0efd143b6f2c3f295b04fN.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: dcb3f47c6c5999e1d7bcd6ee3c1c4374f8b7146decc0efd143b6f2c3f295b04fN.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: dcb3f47c6c5999e1d7bcd6ee3c1c4374f8b7146decc0efd143b6f2c3f295b04fN (2.4MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
Signatures:
- Modifies firewall policy service
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
Defense Evasion
- Impair Defenses (1): Disable or Modify System Firewall (1)
- Modify Registry (3)