General

  • Target

    6c51f277df9973f77044dc3e8ac7ea915747a19cbae435fe6f411dc451a53493N

  • Size

    1.6MB

  • Sample

    241110-k2df5atjbx

  • MD5

    97f004d4e8190b675ab2e04bf391e740

  • SHA1

    01ff58f01d26f0688a37267cb367c9d74240f6e2

  • SHA256

    6c51f277df9973f77044dc3e8ac7ea915747a19cbae435fe6f411dc451a53493

  • SHA512

    21d8d5132a3f2d2a5cebef17bd7a19c16ee2c217c6c278e8e23aa83a12ddd8e68037867950511d8540c834919e0ae19a86b10d6a68db6f4458458ba6a92a8b37

  • SSDEEP

    12288:WB5a3hizhz/o456rn9lkQ8rxQslgBKR1jl9RL9BVnDXLmoIY7Tm+jZFluq9wd4Uu:WkB4tpHlgGjlLHlFoq2d5u

Malware Config

Targets

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks