General

  • Target

    ac6a274f5fde714dfd8bba9e46bb724861e4b406ea132d119e2e872d0b58abd0N.exe

  • Size

    665KB

  • Sample

    241112-q7gcvstgmc

  • MD5

    4c0c38e7fad334322adc74c33eb50ac0

  • SHA1

    d0706bfa6dab31f79f7cbe6265569e8b1184dbdb

  • SHA256

    ac6a274f5fde714dfd8bba9e46bb724861e4b406ea132d119e2e872d0b58abd0

  • SHA512

    5542d4f78b1af871ab097fc2caeaeb84fb82064a73e7da94cb9d613a10e1442c924358c15f5b5fd6128eba75312096c3a66170ff087bfadaa5c9d46013e60523

  • SSDEEP

    12288:3Z8nkF9oy1ADvMKdhAS0jjLz7hoo3RpEcvALALdt/xBot/FcEic/3IWVscSfVo8o:3Z8nkF9oySiLz72ooSru/so3V9xmFXA

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks