General
-
Target
8f828e682978c5f772dee9445ceb3640ddb9818507235778c548a304f41cec6eN.exe
-
Size
2.4MB
-
Sample
241112-q5pw8atgjc
-
MD5
576462fd75fddc9b09031ec1a488e260
-
SHA1
8d2ee60685accae9a3f96ae4a54ab4704454bdf4
-
SHA256
8f828e682978c5f772dee9445ceb3640ddb9818507235778c548a304f41cec6e
-
SHA512
bd51ac7a5a4919a56b7b69695a1facc038e5e631e6cf991e65fa8afa16dac78ed3681676553c330ed9081d1f291f5a29eb513944dadcf24df20f386eca2a6000
-
SSDEEP
49152:5Ko2gzhGqxIaWeSkKkAQOQ1y7GklXRYxxTttMs+xyPFRwGJnunLp9u0XsA5cl+60:I+zhGqx3WeSkKkAQOQ1y7PlXRYxxTtt+
Behavioral task
behavioral1
Sample
8f828e682978c5f772dee9445ceb3640ddb9818507235778c548a304f41cec6eN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
8f828e682978c5f772dee9445ceb3640ddb9818507235778c548a304f41cec6eN.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
8f828e682978c5f772dee9445ceb3640ddb9818507235778c548a304f41cec6eN.exe
-
Size
2.4MB
-
MD5
576462fd75fddc9b09031ec1a488e260
-
SHA1
8d2ee60685accae9a3f96ae4a54ab4704454bdf4
-
SHA256
8f828e682978c5f772dee9445ceb3640ddb9818507235778c548a304f41cec6e
-
SHA512
bd51ac7a5a4919a56b7b69695a1facc038e5e631e6cf991e65fa8afa16dac78ed3681676553c330ed9081d1f291f5a29eb513944dadcf24df20f386eca2a6000
-
SSDEEP
49152:5Ko2gzhGqxIaWeSkKkAQOQ1y7GklXRYxxTttMs+xyPFRwGJnunLp9u0XsA5cl+60:I+zhGqx3WeSkKkAQOQ1y7PlXRYxxTtt+
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3