General

  • Target

    fd81eb5f702b8c0d8a790bf6cced05f3d2b4ae7e.exe

  • Size

    45KB

  • Sample

    241113-yxnyysxqbs

  • MD5

    ba17472a8155ff38b3b6fa9a17f5aa70

  • SHA1

    fd81eb5f702b8c0d8a790bf6cced05f3d2b4ae7e

  • SHA256

    ed04bf92f6fdea80a5580a3dc115ab38332ad30418d4611f8942e3f8f18b45fb

  • SHA512

    6c2cb93efddb3205700c6406b3345b711c84bb64fe093dddad2cb6b16163cdb8883d8bde3b42cee2b7d82fa394fb6a5b9307252f66aef7b32bd68ae862a885d4

  • SSDEEP

    768:fWHoI5XPDHzT8d7tGjOr1IS72G5JBCASbBRUT0h9SGQ889LWrB6SSe7vrQ/HNH:fW5k7tGU1vljSVGAh9189LWroFe7M/HF

Malware Config

Targets

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer and similar tools.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks