General

  • Target

    5c0bf98f428ac235e9ed18951af08b5da721d7f1074097544ffbc55b9c51d6b3.exe

  • Size

    5.4MB

  • Sample

    241113-vmr13syqhj

  • MD5

    fec9cea19c518be63fe12f8606361ae7

  • SHA1

    f07328c17f0ae314ae1013c2b78ab8660be1c8e1

  • SHA256

    5c0bf98f428ac235e9ed18951af08b5da721d7f1074097544ffbc55b9c51d6b3

  • SHA512

    47edab327c85b7d482ffc93b51a31adb701a07806757f70d64327548e3806ae9d087b5c6618d81f229d7ad0feee2ed8ede814f768cf0bcab6046831d15a31509

  • SSDEEP

    98304:f4s6efPOEnXkHywo+EVhaecMUzG4uc96ob2d:AfefPFZs6Uruc9XbQ

Targets

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Boot or Logon Autostart Execution: Authentication Package

      Suspicious Windows authentication registry modification.

MITRE ATT&CK Enterprise v15