General

  • Target

    97fb7a7c67ab89c196663664c1ed0f87486e13f8ea8b2f1ce86e46e623461c9aN.exe

  • Size

    472KB

  • Sample

    241112-pmne1asfmj

  • MD5

    4cf0d4d7cf112df70ac90edbc4cd3162

  • SHA1

    06025e2e1c773a73462126ecc8ce35c130773ce0

  • SHA256

    a4913b43989ac0fa6301426b49d9526529fc63e0638f576d9e16237aa35a4ba0

  • SHA512

    dbf1f061a62acf291aafc0f30010ab03bcc75ee49836cf6ba13b061892445292df6f0d905422a4b722dc46959469baa92922969c6d43cff405e9b53d01f9577d

  • SSDEEP

    6144:Wf+Jjjou35J6i5plrzuo6/LkeYvjoIHnv0RX/VwFdLD/7MsrYMC+9GXL9M8sG3d8:hj8u3ui5pl+uBvc/V0FdYxJdRqMAT

Malware Config

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks