General

  • Target

    dc878d732bb3d91d563d1cd92590fc779d05158263d6461f694dbb1c69683ef1N

  • Size

    405KB

  • Sample

    241112-rd3jnsthnj

  • MD5

    2ecdf709804ba16898ef685bc2c94740

  • SHA1

    09604599e8a761a85198d823163b9e2995a67968

  • SHA256

    dc878d732bb3d91d563d1cd92590fc779d05158263d6461f694dbb1c69683ef1

  • SHA512

    94728a1b711369570b0e969eb91223b4fed0d2c110cd321ecb566ea5ba36a81b9b0c8e190e70c8a02fec8ea5cd732f4b9c8e0c0b155f1cbb6e7a4468a223a123

  • SSDEEP

    6144:foYn9sE89XKTK/J6brj3nmHWrt63P5A9GJ6vbmF4ifKyjlKI4r3mzzrLVIo8ZJr6:ZsNDBIrCHWux6iFTJf4r2zPBv8Xi8xS

Malware Config

Targets

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15