General

  • Target

    de99c475272c7a328d0198c198af6c62107449daf28e44dc0138095c3914c6b3N.exe

  • Size

    2.4MB

  • Sample

    241112-n2219sscjk

  • MD5

    dac9b9d183946c88649a4d4c1fe2a929

  • SHA1

    278a8be03b9bd20dea6db65aa3004be955d07fbc

  • SHA256

    b39c68c4aa6780541048d2449d3013f1477a5e946539766927bbe5d0c47e86d9

  • SHA512

    5051f8834a50c68facd19d309f105d21dd9746d600d95c563fd73b728551813f39b69183a3d880b2884fd0959da405d7b8470c7d245ddec4d75ae63db1a78b57

  • SSDEEP

    49152:2Ko2gzhGqxIaWeSkKkAQOQ1y7GklXRYxxTttMs+xyPFRwGJnunLp9u0XsA5cl+6M:f+zhGqx3WeSkKkAQOQ1y7PlXRYxxTtta
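The hash block above is the report's identity for the sample. The Python below is an added example, not part of the original report or of any sandbox vendor's tooling: it parses this report format into an IoC set, verifies a file's bytes against every listed digest, and pulls the 64-hex-character token out of the filename so it can be compared with the content hash. The report text is copied from the page; the stand-in file bytes are constructed so the script runs offline. The SSDEEP value is left out because comparing it needs the third-party ssdeep library.

```python
"""Parse a sandbox report's hash block into an IoC set and verify a file against it.

Added example for this page; not the report's or any vendor's own code.
REPORT_TEXT is copied from the page; the sample bytes below are constructed.
"""
import hashlib
import re

# Copied from the page: each field is a "• ALGO" bullet followed by its value.
REPORT_TEXT = """
  • Target

    de99c475272c7a328d0198c198af6c62107449daf28e44dc0138095c3914c6b3N.exe

  • Size

    2.4MB

  • MD5

    dac9b9d183946c88649a4d4c1fe2a929

  • SHA1

    278a8be03b9bd20dea6db65aa3004be955d07fbc

  • SHA256

    b39c68c4aa6780541048d2449d3013f1477a5e946539766927bbe5d0c47e86d9

  • SHA512

    5051f8834a50c68facd19d309f105d21dd9746d600d95c563fd73b728551813f39b69183a3d880b2884fd0959da405d7b8470c7d245ddec4d75ae63db1a78b57
"""

HASH_ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")
HEX_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_report_hashes(text):
    """Return {algo_lower: hex_digest} for every hash field in the report text.

    The value is the next non-empty line after the algorithm bullet. Length and
    charset are validated so a truncated or mangled digest is rejected rather
    than silently accepted as an indicator.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    found = {}
    for i, ln in enumerate(lines):
        label = ln.lstrip("•").strip()
        if label not in HASH_ALGOS:
            continue
        value = next((v for v in lines[i + 1:] if v), "")
        if len(value) != HEX_LENGTHS[label] or not re.fullmatch(r"[0-9a-fA-F]+", value):
            raise ValueError(f"malformed {label} digest: {value!r}")
        found[label.lower()] = value.lower()
    return found


def hash_bytes(data):
    """Compute all four digests of the given bytes."""
    return {a.lower(): hashlib.new(a.lower(), data).hexdigest() for a in HASH_ALGOS}


def verify_file_bytes(data, iocs):
    """Compare every algorithm present in `iocs` against `data`; return {algo: matched}."""
    computed = hash_bytes(data)
    return {algo: computed[algo] == digest for algo, digest in iocs.items()}


def hash_embedded_in_filename(name):
    """Return the first 64-hex-character token in a filename, or None."""
    m = re.search(r"[0-9a-fA-F]{64}", name)
    return m.group(0).lower() if m else None


if __name__ == "__main__":
    iocs = parse_report_hashes(REPORT_TEXT)
    # Constructed stand-in for a file on disk; the real sample is not included here.
    candidate = b"MZ" + b"\x00" * 62
    print(verify_file_bytes(candidate, iocs))        # every algorithm False: not this sample
    name = "de99c475272c7a328d0198c198af6c62107449daf28e44dc0138095c3914c6b3N.exe"
    # The hex string in the filename is not the sample's SHA256: identify by content, not name.
    print(hash_embedded_in_filename(name) == iocs["sha256"])
```

Matching on all four digests rather than MD5 alone matters because MD5 and SHA1 collisions are practical; a file that matches only the weaker hashes should be treated as a mismatch.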

Targets

    • Target

      de99c475272c7a328d0198c198af6c62107449daf28e44dc0138095c3914c6b3N.exe

    • Modifies firewall policy service

      Changes the Windows Firewall configuration held by the firewall policy (SharedAccess) service.

    • Checks computer location settings

      Looks up the country code configured in the registry (the Geo\Nation value under Control Panel\International), likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Persistence: a value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) starts the program at logon.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is the usual final step of process hollowing and similar injection: a suspended thread is pointed at attacker-controlled code before it is resumed.

    • UPX packed file

      Detects executables packed with UPX, an open-source packer, including modified UPX builds.
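The "UPX packed file" signature is a static check, so it can be reproduced without running the sample. The Python below is an added example, not the sandbox's own detection code: it walks the PE section table (offsets from the PE/COFF specification) and reports two independent signals, the default section names a stock UPX build emits (UPX0/UPX1) and any section whose raw bytes have near-maximal entropy, which survives the renaming a modified UPX build may apply. The packed-looking and plain images are constructed in memory so the script runs offline; the 7.0 bits-per-byte threshold is a working assumption, not a value from the report.

```python
"""Static UPX / packing indicators from PE section headers.

Added example for this page; not the sandbox's own signature code. The sample
PE images are constructed below. The entropy threshold (7.0) is an assumption.
"""
import hashlib
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
ENTROPY_THRESHOLD = 7.0  # assumption: compressed/encrypted data sits near 8.0


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe):
    """Return [(name, raw_size, raw_offset)] per section header; ValueError on bad input.

    Every offset is bounds-checked so a truncated or hostile file fails cleanly
    instead of raising IndexError / struct.error deep inside the parser.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if e_lfanew + 24 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                               # 20-byte COFF file header
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size                      # section table follows the optional header
    if table + 40 * num_sections > len(pe):
        raise ValueError("section table runs past end of file")
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\x00")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, raw_size, raw_ptr))
    return sections


def upx_indicators(pe):
    """Summarise name-based and entropy-based packing evidence for one PE image."""
    sections = parse_sections(pe)
    upx_named = [n.decode("latin-1") for n, _, _ in sections if n in UPX_SECTION_NAMES]
    high_entropy = []
    for name, size, ptr in sections:
        if size == 0 or ptr + size > len(pe):
            continue  # virtual-only section (UPX0 usually has no raw data) or truncated data
        ent = shannon_entropy(pe[ptr:ptr + size])
        if ent > ENTROPY_THRESHOLD:
            high_entropy.append((name.decode("latin-1"), round(ent, 2)))
    return {
        "section_names": [n.decode("latin-1") for n, _, _ in sections],
        "upx_named_sections": upx_named,
        "high_entropy_sections": high_entropy,
        "upx_named": bool(upx_named),
        "packed_like": bool(high_entropy),
    }


def pseudo_random_bytes(n, seed=b"constructed-upx-demo"):
    """Deterministic high-entropy filler (SHA-256 chain) standing in for compressed code."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


def build_constructed_pe(section_names, payloads):
    """Assemble a minimal PE32 image with the given sections. Constructed test data only."""
    e_lfanew, opt_size = 0x40, 0xE0                   # PE32 optional header size
    data_ptr = e_lfanew + 4 + 20 + opt_size + 40 * len(section_names)
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = b"\x0b\x01" + b"\x00" * (opt_size - 2)      # PE32 magic, rest zeroed
    headers, body = b"", b""
    for name, payload in zip(section_names, payloads):
        raw_ptr = data_ptr if payload else 0
        headers += name.ljust(8, b"\x00") + struct.pack(
            "<IIII", len(payload) or 0x1000, 0x1000, len(payload), raw_ptr) + b"\x00" * 16
        body += payload
        data_ptr += len(payload)
    return dos + coff + opt + headers + body


if __name__ == "__main__":
    packed = build_constructed_pe([b"UPX0", b"UPX1", b".rsrc"],
                                  [b"", pseudo_random_bytes(4096), b"\x00" * 256])
    print(upx_indicators(packed))    # UPX0/UPX1 named, UPX1 high entropy
    plain = build_constructed_pe([b".text", b".data"], [b"\x90" * 512, b"hello world " * 20])
    print(upx_indicators(plain))     # nothing flagged
```

Treat the two signals separately in a real pipeline: UPX section names alone are a near-certain packer match, while high entropy alone also fires on legitimate encrypted or compressed resources and is only a prompt to unpack and look further.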

MITRE ATT&CK Enterprise v15