General

  • Target

    audiorelay-0.27.5.exe

  • Size

    68.2MB

  • Sample

    241113-tqhq5svgqk

  • MD5

    30d70f502763c9679fec9f89be8297c6

  • SHA1

    55d747af7b070a0635a4437b903440e4f6437511

  • SHA256

    ef4b2398d492a12ee25d25917b725294523b97bb6e532bed1a3e5ff020d6368f

  • SHA512

    982d76cdb13259b130530be2777616cfb2e33080bf82cb576fa7fed6a90e5a118cb88f4204a1187b52033f80b3d1a12b1cb64e1d6b2822b513217aed3957f471

  • SSDEEP

    1572864:pV2NqQ8RnncnCqywbmHAOs9CJxjmsrkHlmPPloE/4g1:pV2sQ8KEPgh9uvr8mPuE/

Targets

    • Target

      audiorelay-0.27.5.exe

    • Drops file in Drivers directory

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory
