General
Target: a8792f56e1551e5d640be438830297e1e8a2503201e8b41062d4e2ba99131fd9
Size: 1.4MB
Sample: 241111-g1kbhaxrap
MD5: 01258eaa51c084ea92b1d48312e06146
SHA1: 274d0e2a86fcadb7409e1d442cc5824067e92708
SHA256: a8792f56e1551e5d640be438830297e1e8a2503201e8b41062d4e2ba99131fd9
SHA512: b4467cec707bc6e0c9df4fa6b2ec57551f33a279044af9d1ff0546520b0b97aaa30d858c41908146dc983521689ef48e8649eaa5197cb219da006f9fbbf1a1fa
SSDEEP: 24576:DA47OY0YbK49/8PMc9ttisJ9cwlCTZHCPDyVMxAvSUIqBfPuEtoSW1gYULYtNxXp:UC3P2JJ9ttvJoHfVMxAzBfmEaOYULwND
Behavioral tasks
behavioral1: Sample Setup.exe, Resource win7-20240903-en
behavioral2: Sample Setup.exe, Resource win10v2004-20241007-en
behavioral3: Sample rkill.exe, Resource win7-20240903-en
behavioral4: Sample rkill.exe, Resource win10v2004-20241007-en
Malware Config

Targets

Target: Setup.exe
Size: 1.6MB
MD5: ce6eaa52767b2df78b34519231966588
SHA1: ab32d09951189022a1a39e9204ec9ce2926b3fcf
SHA256: 40924781ba072ea88bd7cad3f6d2a48e87f370e1c1ee334a3415dd26b5ea17e5
SHA512: 36a09fe704823d6db5d0982d761ba1976c940b82b7c1ca650627d66e16b420612b78c761f2ed00e533453eeb2dd7e431cf47b0c2cf826354aa6e779fda531067
SSDEEP: 24576:Kqahn0IQ3i57AmG8W7+IZ0nwwoNR2+uBL8hxCMcIYwTxKAyuxCQyD2uG8wT5ngZx:KasHPBQxC/wTW2owTdIfpSKc

Signatures:
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Target: rkill.exe
Size: 1.7MB
MD5: 6d622dcc87edc9a7b10d35372ade816b
SHA1: 47d98825b03c507b85dec02a2297e03ebc925f30
SHA256: d4ac5b3c525a5fd94019d80ff81b552e73b19b1bd0a554b9609cdd5e1b00955a
SHA512: ed06f872a7c66ffeeb8cb8f6fedca06ccabf623f9cd188c4c7105428e8d6521ef8da0bac0564e14d2da914d2846369a9c04577a8cf7fb80cb62831e5497f2a58
SSDEEP: 49152:KpEsgw14kZV2HXsMnmjEREseBSsxHnfXsrHYi2Yijig:0wYJYW
Score: 8/10

Signatures:
Drops file in Drivers directory
MITRE ATT&CK Enterprise v15

Persistence
  Create or Modify System Process: Windows Service (1)
  Event Triggered Execution: Change Default File Association (1)

Privilege Escalation
  Create or Modify System Process: Windows Service (1)
  Event Triggered Execution: Change Default File Association (1)

Credential Access
  Credentials from Password Stores: Credentials from Web Browsers (1)
  Unsecured Credentials: Credentials In Files (1)