General

  • Target

    dcb3f47c6c5999e1d7bcd6ee3c1c4374f8b7146decc0efd143b6f2c3f295b04fN

  • Size

    2.4MB

  • Sample

    241110-ba9wksvpbv

  • MD5

    7643b277c8e13650de632542bcb4d9b0

  • SHA1

    5e1119e09d6e4a8ce831b340062d1285953645a3

  • SHA256

    dcb3f47c6c5999e1d7bcd6ee3c1c4374f8b7146decc0efd143b6f2c3f295b04f

  • SHA512

    cf1c46bfd7d178b91782014b58788279196375727604739eb1703f54449fb53f7cf05dc38fa5da732d7b243a8614a4051a93b43d3f80ee30a859aa92af46b143

  • SSDEEP

    49152:2Ko2gzhGqxIaWeSkKkAQOQ1y7GklXRYxxTttMs+xyPFRwGJnunLp9u0XsA5cl+6N:f+zhGqx3WeSkKkAQOQ1y7PlXRYxxTttH
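Two static checks a practitioner runs on a local copy before trusting a report like this one: that the file really is the one the report describes (MD5/SHA-1/SHA-256 above), and whether it carries the UPX packing the report flags under its signatures. The script below is an added example, not code from the sandbox or the report. The PE images it examines are constructed in `build_pe()`, and the packer heuristics (UPX section names, the `UPX!` magic stock UPX leaves in its stub, and per-section entropy) are this example's own, not the sandbox's rule.

```python
"""Static triage of a file against the report: hash comparison plus a UPX packer check.

Added example, not code from the sandbox or the report. The PE images used here are
constructed in build_pe(); the packer heuristics (section names, the "UPX!" marker
stock UPX leaves in its stub, and section entropy) are this example's own.
"""
import hashlib
import math
import random
import struct
from collections import Counter

# Hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "7643b277c8e13650de632542bcb4d9b0",
    "sha1": "5e1119e09d6e4a8ce831b340062d1285953645a3",
    "sha256": "dcb3f47c6c5999e1d7bcd6ee3c1c4374f8b7146decc0efd143b6f2c3f295b04f",
}


def hash_bytes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a blob, keyed the same way as REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes, report: dict = REPORT_HASHES) -> bool:
    """True only if every hash listed in the report agrees with the file."""
    computed = hash_bytes(data)
    return all(computed[name] == digest.lower() for name, digest in report.items())


def pe_sections(data: bytes) -> list:
    """Walk the PE section table with struct; returns [(name, raw_bytes), ...]."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        entry = table + 40 * i
        if entry + 40 > len(data):
            raise ValueError("truncated section table")
        # IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData (the last 16 bytes are not needed here)
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, entry)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         data[raw_ptr:raw_ptr + raw_size]))
    return sections


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())


def packer_indicators(data: bytes) -> dict:
    sections = pe_sections(data)
    return {
        "upx_section_names": [n for n, _ in sections if n.upper().startswith("UPX")],
        "upx_marker": b"UPX!" in data,
        "high_entropy_sections": [n for n, raw in sections
                                  if len(raw) >= 256 and shannon_entropy(raw) > 7.0],
    }


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1; modified builds often rename them
    but usually keep the "UPX!" header magic, so either indicator counts."""
    ind = packer_indicators(data)
    return bool(ind["upx_section_names"]) or ind["upx_marker"]


def build_pe(sections: dict) -> bytes:
    """Constructed minimal PE32 image for testing (DOS header, PE signature, COFF
    header, zeroed optional header, then {name: raw_bytes} sections). Not loadable."""
    opt_size = 0xE0
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table, blobs = b"", b""
    ptr = len(dos) + 4 + len(coff) + opt_size + 40 * len(sections)
    for name, blob in sections.items():
        table += struct.pack("<8sIIII", name.encode(), len(blob), 0, len(blob), ptr) + b"\0" * 16
        blobs += blob
        ptr += len(blob)
    return dos + b"PE\0\0" + coff + opt + table + blobs


def _pseudo_random(n: int, seed: int = 7) -> bytes:
    """Deterministic stand-in for compressed section data (high entropy)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed test images, not the sample from the report.
STOCK_UPX = build_pe({"UPX0": b"\0" * 512, "UPX1": _pseudo_random(4096), ".rsrc": b"\0" * 64})
RENAMED_UPX = build_pe({".text": _pseudo_random(4096) + b"UPX!", ".data": b"\0" * 128})
CLEAN = build_pe({".text": b"\x90" * 1024, ".data": b"A" * 1024})

if __name__ == "__main__":
    for label, image in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("clean", CLEAN)):
        print(label, looks_upx_packed(image), packer_indicators(image))
    print("matches report:", matches_report(CLEAN))
```

Against a real file, read it with `open(path, "rb").read()` and pass the bytes to `matches_report()` and `packer_indicators()`. The entropy list is the check that survives a renamed or stripped UPX build: a packer can change section names and drop the magic, but the compressed payload stays near 8 bits per byte.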

Targets

    • Target

      dcb3f47c6c5999e1d7bcd6ee3c1c4374f8b7146decc0efd143b6f2c3f295b04fN

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.
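Three of the signatures above (the Run key, the firewall policy service change and the location lookup) are registry behaviours, so they can be reproduced from a registry trace outside the sandbox. The rule set below is an added example, not the sandbox's own signature definitions: the trace lines are constructed, the registry paths each rule matches are this example's assumptions about what those signature names cover, and the ATT&CK technique IDs are its own mapping.

```python
"""Map a registry-activity trace onto three of the report's behaviour signatures.

Added example, not code from the sandbox. The trace below is constructed; the paths
each rule matches and the ATT&CK technique IDs are this example's own mapping of what
these signature names usually cover, not the sandbox's rule definitions.
"""
import re
from typing import NamedTuple


class RegEvent(NamedTuple):
    op: str    # e.g. RegQueryValue, RegSetValue
    path: str  # hive\key\...\value
    data: str  # value written, "" for reads


class Rule(NamedTuple):
    signature: str
    technique: str
    ops: tuple          # operations that count for this rule
    pattern: re.Pattern


RULES = [
    # Persistence via the per-user or machine Run/RunOnce keys.
    Rule("Adds Run key to start application", "T1547.001",
         ("RegSetValue", "RegCreateKey"),
         re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)),
    # Assumption: the signature covers both the Windows Firewall service start type
    # (MpsSvc / SharedAccess) and the FirewallPolicy profile settings under SharedAccess.
    Rule("Modifies firewall policy service", "T1562.004",
         ("RegSetValue",),
         re.compile(r"\\Services\\(MpsSvc|SharedAccess)\\(Start$|Parameters\\FirewallPolicy\\)", re.I)),
    # Assumption: the "country code" the report mentions is the GeoID stored in
    # HKCU\Control Panel\International\Geo\Nation.
    Rule("Checks computer location settings", "T1614",
         ("RegQueryValue", "RegOpenKey"),
         re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
]

# "<op> <path>" for reads, "<op> <path> = <data>" for writes.
LINE_RE = re.compile(r"^(?P<op>Reg\w+)\s+(?P<path>[^=]+?)(?:\s*=\s*(?P<data>.*))?$")


def parse_trace(text: str) -> list:
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable trace line: {line!r}")
        events.append(RegEvent(m["op"], m["path"].strip(), (m["data"] or "").strip()))
    return events


def match_signatures(events: list) -> dict:
    """Return {signature name: [evidence strings]} for every rule that fires."""
    hits = {}
    for ev in events:
        for rule in RULES:
            if ev.op not in rule.ops or not rule.pattern.search(ev.path):
                continue
            evidence = f"{ev.op} {ev.path}" + (f" = {ev.data}" if ev.data else "")
            hits.setdefault(rule.signature, []).append(evidence)
    return hits


def attack_techniques(hits: dict) -> list:
    """Sorted technique IDs for the signatures that fired."""
    by_name = {r.signature: r.technique for r in RULES}
    return sorted({by_name[name] for name in hits})


# Constructed trace in the format parse_trace() expects; not the sandbox's own log.
TRACE = r"""
RegQueryValue HKCU\Control Panel\International\Geo\Nation
RegQueryValue HKCU\Control Panel\International\LocaleName
RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate = C:\Users\victim\AppData\Roaming\svc.exe
RegSetValue HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc\Start = 4
RegSetValue HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = 0
RegSetValue HKCU\Software\Classes\Local Settings\MuiCache\svc.exe.FriendlyAppName = svc
"""

if __name__ == "__main__":
    hits = match_signatures(parse_trace(TRACE))
    for name, evidence in hits.items():
        print(name)
        for line in evidence:
            print("   ", line)
    print("ATT&CK:", ", ".join(attack_techniques(hits)))
```

One caveat when porting these rules to production telemetry: Sysmon records registry writes, creates and deletes (event IDs 12 to 14) but not reads, so the location-lookup rule needs an API-level trace (a sandbox hook log or an ETW registry provider); the Run key and firewall rules work unchanged on Sysmon event 13.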
