General

  • Target

    5aedf5b0bdf3461015ea53e931e3726d27d55a918ade527f17dafccac3e28149

  • Size

    5.7MB

  • Sample

    241112-2dywlawkdm

  • MD5

    301b9f7d25e1dbe5a1133ec81f08ba43

  • SHA1

    3c3937a1b48bde8511d766a8e9da8dc32bfbb650

  • SHA256

    5aedf5b0bdf3461015ea53e931e3726d27d55a918ade527f17dafccac3e28149

  • SHA512

    53240d157f2559e3ead2a417384de8de17c794f999140d2aa3fd1e89bde66aa7d4d4ec7b9dccd9ff43e80ae4b5e0c66942ddc3eaec2d36f7342b09aef444900c

  • SSDEEP

    98304:OKWkkjaHjTo82Pb0c0NZrq9BRVvUdowc9cDbuHn54Ls:bWfszNpiRVxK654A

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Adds Run key to start application

    • Indicator Removal: Clear Persistence

      Clears artifacts associated with previously established persistence, such as scheduled tasks, on a host.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks