General

  • Target

    dcfeefb8530d15a7f12ac21497b93b61480c922b4850a1de97693b8b97486dee

  • Size

    800KB

  • Sample

    241111-m4b27aycql

  • MD5

    68e6c48eab8ee9681659d3d47d1c8442

  • SHA1

    0ce069304550e846c8ba47e3198d9c5a3980c26e

  • SHA256

    dcfeefb8530d15a7f12ac21497b93b61480c922b4850a1de97693b8b97486dee

  • SHA512

    d8d32ef2d81ead9c13391738bae3368e48940dbf9c4a9c8e990ebf0f58d6d4a745f32c55472a9d704202b549954efed4ef306b2b4ad81596c6a16541118c5008

  • SSDEEP

    12288:1WUovH4E8fkLIJkqNIjqWahIKR/gsk0h97chCVhw3FdCe:1WUovLOqIJk8IjhKC077ch53y

Score
10/10

Malware Config

Targets

    Score
    10/10

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the configured DNS servers was detected.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2
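
A way to confirm the "Modifies WinLogon for persistence" hit on a host or an acquired hive, as an added example that is not part of the sandbox report above: the Winlogon key's `Userinit` and `Shell` values are comma-separated program lists that winlogon.exe runs at logon, so persistence typically shows up as an extra path appended after the stock `userinit.exe,` entry. The code parses the text of a `reg export` of that key and reports any entry that is not one of the stock values. The export text, the appended `updater.exe` path and the resolver-free checks are constructed for illustration; nothing here is taken from this sample's registry activity.

```python
"""Added example: flag WinLogon Userinit/Shell entries that are not the stock values.

Input is the text of a `reg export` of the Winlogon key (constructed here; not the
registry state recorded in the report on this page).
"""
import re

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Stock values on a default install. The trailing comma on Userinit is normal;
# malware appends its own path after it so both programs run at logon.
EXPECTED = {
    "Userinit": r"C:\Windows\system32\userinit.exe,",
    "Shell": "explorer.exe",
}

# Constructed sample export with a hypothetical appended binary (updater.exe).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=dword:00000001
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\updater.exe"
"Shell"="explorer.exe"
'''

_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_reg_strings(export_text, key):
    """Return {name: value} for REG_SZ values under `key` in a .reg export."""
    values, in_key = {}, False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
            continue
        if not in_key:
            continue
        m = _VALUE_RE.match(line)
        if m:
            name, escaped = m.groups()
            # .reg files escape backslashes and double quotes inside string values.
            values[name] = escaped.replace("\\\\", "\\").replace('\\"', '"')
    return values


def winlogon_findings(values):
    """List (value_name, [unexpected entries]) for Userinit and Shell.

    Entries are comma-separated; anything not in the stock list is reported.
    """
    findings = []
    for name, stock in EXPECTED.items():
        actual = values.get(name)
        if actual is None:
            continue  # missing value: Windows falls back to its built-in default
        allowed = {p.strip().lower() for p in stock.split(",") if p.strip()}
        extra = [p.strip() for p in actual.split(",")
                 if p.strip() and p.strip().lower() not in allowed]
        if extra:
            findings.append((name, extra))
    return findings


if __name__ == "__main__":
    for name, extra in winlogon_findings(parse_reg_strings(SAMPLE_EXPORT, WINLOGON_KEY)):
        print(f"{name}: unexpected entries {extra}")
```

The comparison is against the full stock path, so a Windows install on a drive other than C: will report its own `userinit.exe` as unexpected; treat the output as a list to review rather than a verdict, and check the HKLM key on the live host with `reg query` if the export is not available.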

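The "Unexpected DNS network traffic destination" signature is a simple rule: any flow to port 53 whose destination is not one of the resolvers configured on the analysis VM. The following added example (not part of the sandbox report, and not this sample's capture) implements that rule over a few constructed connection records laid out like Zeek conn.log columns; the resolver address `10.0.0.2`, the client `10.0.0.15` and the destinations `8.8.8.8` and `203.0.113.7` are all assumed values chosen for illustration.

```python
"""Added example: find DNS-port traffic to servers other than the configured resolvers.

The flow records below are constructed (Zeek conn.log-like columns), not the
network capture from the report on this page.
"""
from collections import Counter
from ipaddress import ip_address

# Assumed resolver list for the analysis VM; in practice read it from the
# adapter configuration captured alongside the trace.
CONFIGURED_RESOLVERS = {"10.0.0.2"}

# Columns: ts  orig_h  orig_p  resp_h  resp_p  proto   (constructed data)
SAMPLE_CONN_LOG = """\
1731326400.101  10.0.0.15  51234  10.0.0.2      53   udp
1731326401.402  10.0.0.15  51235  10.0.0.2      53   udp
1731326402.778  10.0.0.15  51236  8.8.8.8       53   udp
1731326403.003  10.0.0.15  49821  203.0.113.7   53   tcp
1731326403.004  10.0.0.15  49822  203.0.113.7   53   tcp
1731326404.550  10.0.0.15  49823  203.0.113.7   443  tcp
"""


def parse_conn_log(text):
    """Yield (orig_h, resp_h, resp_p, proto) tuples; skip blank and comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _ts, orig_h, _orig_p, resp_h, resp_p, proto = line.split()
        yield orig_h, resp_h, int(resp_p), proto.lower()


def unexpected_dns_destinations(flows, resolvers):
    """Count port-53 flows per (dst, proto) whose dst is not a configured resolver."""
    allowed = {ip_address(r) for r in resolvers}
    counts = Counter()
    for _src, dst, dport, proto in flows:
        if dport != 53 or ip_address(dst) in allowed:
            continue
        counts[(dst, proto)] += 1
    return sorted(counts.items())


def summarize(text, resolvers):
    """Return [(dst, proto, flow_count)] for the unexpected DNS destinations in `text`."""
    return [(dst, proto, n) for (dst, proto), n in
            unexpected_dns_destinations(parse_conn_log(text), resolvers)]


if __name__ == "__main__":
    for dst, proto, n in summarize(SAMPLE_CONN_LOG, CONFIGURED_RESOLVERS):
        print(f"{dst}/{proto}: {n} flow(s) on port 53 to a non-configured server")
```

Two caveats when reading the output: a hard-coded public resolver such as `8.8.8.8` trips the rule even though some legitimate software does the same, so the finding is about bypassing the local resolver rather than proof of C2; and because the rule keys on port 53, DNS carried over HTTPS or TLS (ports 443 and 853) is not covered, so the `203.0.113.7:443` flow in the sample is not reported.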
MITRE ATT&CK Enterprise v15

Tasks