General

  • Target

    a1819bd50bbdedc347435143e0383b6034efa1166b27f0b33a4e3f15b1319973N

  • Size

    144KB

  • Sample

    241110-kywhjatfpe

  • MD5

    901913dd4dc5e3a8c8fb76d857ab1540

  • SHA1

    4745b030047b46d0a2962001fa5fc6abac28b73e

  • SHA256

    a1819bd50bbdedc347435143e0383b6034efa1166b27f0b33a4e3f15b1319973

  • SHA512

    017efd340200a8e900f1277de4cf18d4a9a3636865f5eeb33e89196e5ee5c072a0fa9d0185d8bf765b15700b8144819c84df3dd5a2a630d36d1c6eca16dbf02a

  • SSDEEP

    3072:l5SVkkgUgXC7AdYzrV+Dljy/32ubwZ/qJ:SUFCkdYzrVolu/J0Z/
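
Before spending time on the behaviours listed further down, a practitioner will want to confirm that the file in hand is the artefact this report describes. The script below is an added example, not part of the sandbox report: it recomputes the four listed digests over a file and reports which ones match the values copied from this page. The input buffers in the usage are constructed placeholders, not the sample; SSDEEP is not recomputed because fuzzy hashing needs the separate ssdeep library.

```python
import hashlib

# Digests exactly as listed in the report above (copied from the page).
REPORT_HASHES = {
    "md5": "901913dd4dc5e3a8c8fb76d857ab1540",
    "sha1": "4745b030047b46d0a2962001fa5fc6abac28b73e",
    "sha256": "a1819bd50bbdedc347435143e0383b6034efa1166b27f0b33a4e3f15b1319973",
    "sha512": "017efd340200a8e900f1277de4cf18d4a9a3636865f5eeb33e89196e5ee5c072"
              "a0fa9d0185d8bf765b15700b8144819c84df3dd5a2a630d36d1c6eca16dbf02a",
}


def compute_hashes(data: bytes) -> dict:
    """Hex digests of the four algorithms the report lists, in one pass each."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: matched?} for every algorithm present in `expected`.

    Every listed digest is checked, not just SHA256: a single mismatch means
    this is not the analysed artefact (wrong file, truncated download, or a
    re-packed variant with the same name).
    """
    actual = compute_hashes(data)
    return {alg: actual[alg] == digest.lower() for alg, digest in expected.items()}


def verify_file(path: str, expected: dict = REPORT_HASHES) -> dict:
    """Convenience wrapper: verify a file on disk against the report."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read(), expected)


if __name__ == "__main__":
    # Constructed placeholder bytes, not the sample: every digest should mismatch.
    for alg, ok in verify_sample(b"placeholder bytes, not the real sample").items():
        print(f"{alg:6s} {'match' if ok else 'MISMATCH'}")
```

Run `verify_file("/path/to/sample")` on the downloaded artefact; anything other than four `True` values means the file should not be treated as the one this report analysed.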

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check: the sample decides whether to run based on the machine's configured locale.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a value under a registry Run key so the application is launched again at logon (persistence).

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is the usual way to redirect execution in a suspended process (process hollowing / injection).

    • UPX packed file

      Detects executables packed with UPX, or a modified build of it, an open-source packer.
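
The UPX signature above is easy to reproduce from the PE section table, and knowing how it fires helps judge the "modified UPX" case where the packer has been rebuilt with renamed sections. The script below is an added example and not the sandbox's own detection logic: it parses the section headers of a PE image and flags the stock UPX section names (`UPX0`, `UPX1`), the `UPX!` marker string, and, as an assumption of this example rather than a documented rule, the characteristic layout of a first section with no raw data but a large virtual size. The PE images it runs on are constructed in memory for illustration; they are not the sample.

```python
import struct

SECTION_HEADER = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def parse_sections(pe: bytes) -> list:
    """Walk the DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (nsect,) = struct.unpack_from("<H", pe, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                            # 4 sig + 20 COFF + optional
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_size": rawsize, "raw_ptr": rawptr,
        })
    return sections


def detect_upx(pe: bytes) -> dict:
    """Signals that a file was packed with stock or lightly modified UPX."""
    sections = parse_sections(pe)
    names = [s["name"] for s in sections]
    upx_names = any(n.startswith("UPX") for n in names)
    upx_magic = b"UPX!" in pe
    # Heuristic (this example's assumption): UPX reserves the unpacked image as
    # a first section with SizeOfRawData == 0 and a large VirtualSize, and keeps
    # the packed loader in the second section. Renaming sections does not change that.
    empty_first = (bool(sections) and sections[0]["raw_size"] == 0
                   and sections[0]["virtual_size"] > 0 and len(sections) <= 3)
    return {
        "section_names": names,
        "upx_section_names": upx_names,
        "upx_magic": upx_magic,
        "empty_first_section": empty_first,
        "likely_upx": upx_names or upx_magic or empty_first,
    }


def build_pe(sections, trailer: bytes = b"") -> bytes:
    """Construct a minimal PE32 image in memory (test data, not a real sample).
    sections: iterable of (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: PE header right after DOS header
    opt_size = 224                                   # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, opt_size, 0x0102)
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, 0x10B)       # PE32 magic
    table = b"".join(
        struct.pack(SECTION_HEADER, name.encode().ljust(8, b"\0"),
                    vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, 0x60000020)
        for name, vsize, vaddr, rawsize, rawptr in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + table + trailer


# Constructed layouts: stock UPX, UPX with renamed sections, and an unpacked build.
UPX_STOCK = build_pe([("UPX0", 0x10000, 0x1000, 0, 0x400),
                      ("UPX1", 0x9000, 0x11000, 0x9000, 0x400),
                      (".rsrc", 0x1000, 0x1A000, 0x600, 0x9400)], trailer=b"UPX!")
UPX_RENAMED = build_pe([(".x0", 0x10000, 0x1000, 0, 0x400),
                        (".x1", 0x9000, 0x11000, 0x9000, 0x400),
                        (".rsrc", 0x1000, 0x1A000, 0x600, 0x9400)])
UNPACKED = build_pe([(".text", 0x5000, 0x1000, 0x5000, 0x400),
                     (".data", 0x1000, 0x6000, 0x200, 0x5400),
                     (".rsrc", 0x800, 0x7000, 0x800, 0x5600)])

if __name__ == "__main__":
    for label, image in (("stock", UPX_STOCK), ("renamed", UPX_RENAMED), ("unpacked", UNPACKED)):
        print(label, detect_upx(image))
```

On a real file, `detect_upx(open(path, "rb").read())` gives the same dictionary; the renamed case is why the section-name check alone is not enough and why the sandbox labels the signature "UPX/modified UPX". A packed file also means static string and import analysis should be done on the unpacked image, not on this 144KB artefact.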

MITRE ATT&CK Enterprise v15