General

  • Target

    654a9a0a94a5772baffa955b15b55f79b3af5c675d8ad737c5b015b3b44ef1adN.exe

  • Size

    1.6MB

  • Sample

    241112-rwwh3sxpdm

  • MD5

    483bc574066645dc7614408c8e443e80

  • SHA1

    3609b23b50b3c81f0c19eb0fcd5ffa73991bf357

  • SHA256

    654a9a0a94a5772baffa955b15b55f79b3af5c675d8ad737c5b015b3b44ef1ad

  • SHA512

    13f276108ad92908ae1f4d3d9b21b89b1b141b0d6909fddcb24837abe920fe90db49eade82affe2bb5c184ff180358175341bccffb2539f752d540f89f8dc4b8

  • SSDEEP

    12288:avk//qKF76/OXpqSjnTf0clY9uWC+RMpk1OC7HmrWcmbQC5onsYi2:h1zltpu0i2
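The digests above identify the sample; the check a practitioner wants is to recompute them from the file actually in hand and to confirm the packing verdict (the "UPX packed file" signature in Targets below) independently of the sandbox. The following Python is an added example, not part of this report: it recomputes the four digests recorded above against arbitrary bytes, parses the PE section table by hand, and applies the signals a UPX rule relies on (stock section names, the "UPX!" magic, and a high-entropy section). The PE images it parses are constructed inside the block as stand-ins; the real sample is not embedded here, and the section names UPX0/UPX1/UPX2 are those of stock UPX, which a modified build may rename.

```python
import hashlib
import math
import struct

# Digests exactly as recorded in the report's "General" section.
REPORTED = {
    "md5": "483bc574066645dc7614408c8e443e80",
    "sha1": "3609b23b50b3c81f0c19eb0fcd5ffa73991bf357",
    "sha256": "654a9a0a94a5772baffa955b15b55f79b3af5c675d8ad737c5b015b3b44ef1ad",
    "sha512": "13f276108ad92908ae1f4d3d9b21b89b1b141b0d6909fddcb24837abe920fe90"
              "db49eade82affe2bb5c184ff180358175341bccffb2539f752d540f89f8dc4b8",
}

# Section names written by stock UPX. Modified builds often rename them, so the
# entropy check below is kept as an independent second signal.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}

def verify_hashes(data: bytes, reported: dict) -> dict:
    """Return {algorithm: True/False} comparing `data` against reported hex digests."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest.lower()
            for algo, digest in reported.items()}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for compressed/encrypted data, low for plain code."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def pe_sections(data: bytes) -> list:
    """Parse a PE section table into [(name, raw_file_bytes), ...]."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        sections.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return sections

def upx_indicators(data: bytes) -> dict:
    """Signals behind a "UPX packed file" verdict: stock section names, the "UPX!"
    magic UPX leaves in the header area, and a high-entropy compressed section."""
    sections = pe_sections(data)
    names = {name for name, _ in sections}
    dense = [name for name, raw in sections
             if len(raw) >= 256 and shannon_entropy(raw) > 7.0]
    return {"upx_sections": bool(names & UPX_SECTION_NAMES),
            "upx_magic": b"UPX!" in data[:0x1000],
            "high_entropy_sections": dense}

def is_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return ind["upx_sections"] or ind["upx_magic"]

def build_pe(sections) -> bytes:
    """Construct a minimal PE32 (zeroed optional header) from [(name, raw), ...].
    Test scaffolding only: the result is parseable, not loadable."""
    opt_size = 224
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)       # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0)
    raw_ptr = 64 + 4 + 20 + opt_size + 40 * len(sections)
    table, body = b"", b""
    for name, raw in sections:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(raw), 0, len(raw), raw_ptr, 0, 0, 0, 0, 0)
        raw_ptr += len(raw)
        body += raw
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + table + body

def pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler standing in for a compressed UPX1 body."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest()
                    for i in range((n + 31) // 32))[:n]

# Constructed stand-ins (not the real sample): a UPX-style layout and a plain one.
PACKED_SAMPLE = build_pe([(b"UPX0", b""), (b"UPX1", pseudo_random(2048)), (b".rsrc", b"\0" * 512)])
PLAIN_SAMPLE = build_pe([(b".text", b"\x90" * 2048), (b".data", b"A" * 512)])

if __name__ == "__main__":
    print("hash match:", verify_hashes(PACKED_SAMPLE, REPORTED))
    print("packed:", is_upx_packed(PACKED_SAMPLE), upx_indicators(PACKED_SAMPLE))
    print("plain :", is_upx_packed(PLAIN_SAMPLE), upx_indicators(PLAIN_SAMPLE))
```

Run it against the real file by replacing the constructed stand-ins with `open(path, "rb").read()`: every entry of `verify_hashes` should be True before any further analysis is trusted, and a high-entropy section without UPX names or magic points at a renamed or non-UPX packer rather than a clean binary.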

Malware Config

Targets

    • Target

      654a9a0a94a5772baffa955b15b55f79b3af5c675d8ad737c5b015b3b44ef1adN.exe

    • Size

      1.6MB

    • MD5

      483bc574066645dc7614408c8e443e80

    • SHA1

      3609b23b50b3c81f0c19eb0fcd5ffa73991bf357

    • SHA256

      654a9a0a94a5772baffa955b15b55f79b3af5c675d8ad737c5b015b3b44ef1ad

    • SHA512

      13f276108ad92908ae1f4d3d9b21b89b1b141b0d6909fddcb24837abe920fe90db49eade82affe2bb5c184ff180358175341bccffb2539f752d540f89f8dc4b8

    • SSDEEP

      12288:avk//qKF76/OXpqSjnTf0clY9uWC+RMpk1OC7HmrWcmbQC5onsYi2:h1zltpu0i2

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.
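Two of the behaviours listed above, the Run key and the firewall policy change, are registry writes, which is what an endpoint sensor sees outside the sandbox. The following Python is an added example, not part of this report: it applies rules for both behaviours to Sysmon-style registry events and then groups hits per process image, since one image tripping several distinct behaviours (as this sample does) is a stronger signal than any single write. The event records are constructed here in the field layout of Sysmon Event ID 13 (value set) and 12 (key/value create or delete), not captured from this run; the image path, SID and value names are placeholders, and the two registry locations are an assumption about what the report's generic signatures cover.

```python
import re

# Hypothetical image path for the dropped executable the report says is run.
DROPPED = r"C:\Users\Public\dropped.exe"

# Registry locations assumed to sit behind the report's generic "Adds Run key"
# and "Modifies firewall policy service" signatures. Sysmon writes the full
# path in TargetObject; matching is case-insensitive because hive casing varies.
RULES = [
    ("persistence_run_key",
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)),
    ("firewall_policy_change",
     re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)),
]

# Sysmon registry event IDs: 12 = key/value create or delete, 13 = value set.
REGISTRY_WRITE_EVENTS = {12, 13}

def detect(events):
    """Return [(rule, image, target)] for every registry write matching a rule."""
    hits = []
    for ev in events:
        if ev["EventID"] not in REGISTRY_WRITE_EVENTS:
            continue
        for rule, pattern in RULES:
            if pattern.search(ev["TargetObject"]):
                hits.append((rule, ev["Image"], ev["TargetObject"]))
    return hits

def suspicious_images(events, threshold=2):
    """Group hits per process image and keep images tripping `threshold` or more
    distinct rules; several behaviours from one image beats one isolated hit."""
    per_image = {}
    for rule, image, _ in detect(events):
        per_image.setdefault(image, set()).add(rule)
    return {img: rules for img, rules in per_image.items() if len(rules) >= threshold}

# Constructed events in Sysmon's RegistryEvent field layout; not from the sandbox run.
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": "HKU\\" + SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": DROPPED},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters"
                     r"\FirewallPolicy\StandardProfile\EnableFirewall",
     "Details": "DWORD (0x00000000)"},
    # Benign near-miss: Explorer's RunMRU history sits next to Run but is not persistence.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": "HKU\\" + SID + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a",
     "Details": "cmd"},
    # Process-create event (ID 1) carries no TargetObject and must be skipped.
    {"EventID": 1, "Image": DROPPED, "CommandLine": DROPPED},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(*hit)
    print(suspicious_images(SAMPLE_EVENTS))
```

The location lookup listed above is a registry read, not a write, so it does not appear in Sysmon registry events at all; confirming that behaviour needs the API trace from the sandbox run or a sensor that records RegQueryValue calls.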

MITRE ATT&CK Enterprise v15

Tasks