General

  • Target

    e1813b54272346a48364e789cb04bad5e292cbf3cc16057dc6435e965b377c0c

  • Size

    48KB

  • Sample

    241111-zr7pjsweqj

  • MD5

    d83cac8ac77e88472b7d1a46b4bdc006

  • SHA1

    ae5b4606463ca36ae8785bfcbc47cc4dee9b1fb0

  • SHA256

    e1813b54272346a48364e789cb04bad5e292cbf3cc16057dc6435e965b377c0c

  • SHA512

    a1460605dccd2540394f8f3ee8ec0c2e1ffd8ffe42c25f72470089da247ebc7ef1587372847e42bab901dbdf665596dfd658b44ac04ae1d0f2adb8165be2922e

  • SSDEEP

    768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67QhPC:Ub1MsHz3JDwhyWr+N95OTga67

Malware Config

  • Family

    runningrat

  • C2

    120.79.191.234

Targets

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a Windows Service

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15