General

  • Target

    078f2f65179647c8a6af688be140138eae827e1f

  • Size

    45KB

  • Sample

    241113-yytwla1rgp

  • MD5

    fe4ee341b4e7e0d03e27893bd6070a3e

  • SHA1

    078f2f65179647c8a6af688be140138eae827e1f

  • SHA256

    fd32b776edd0656ad550b2a4981897515f5f2c793eb3d80da8fcd04f98b12222

  • SHA512

    fa0b4d10db62e06c782b09b2bd40974ec990ebf02d8a8e8f5e0932cc6cc2e91071129392a9feb57a4f33868d25f31901a2f884e54821451ba9c8d70ae420da7c

  • SSDEEP

    768:yWfoI5XPDHzT8d7tGx0cTIIW/pNCypKbmRUT0d9S5QynqjB6SQne6vrR/HNh:yWRk7tGPs1DCypKCGAd9Uqjoxe6F/HNh

Targets

    • Sets file to hidden

      Modifies file attributes to hide the file from Explorer and similar file listings.

    • Checks computer location settings

      Reads the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Command and Scripting Interpreter: PowerShell

      Executes commands via powershell.exe.

    • Legitimate hosting services abused for malware hosting/C2
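The behaviours listed above, run as host-side detection rules over Sysmon-style events. This is an added example, not part of the sandbox report or its tooling: the event field names (EventID, Image, ParentImage, ImageLoaded, TargetObject) follow Sysmon's schema, but the paths, SID and events themselves are constructed for illustration and are not telemetry from this sample.

```python
"""Triage helper for the behaviours listed in this report.

Added example, not part of the sandbox report. It turns four of the listed
behaviours (Executes dropped EXE, Loads dropped DLL, Adds Run key,
PowerShell execution) into rules over Sysmon-style events. Field names follow
Sysmon's schema; the event values are constructed and not from this sample.
"""
import re

# Run / RunOnce keys under either HKU\<SID> (per-user) or HKLM.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
    re.IGNORECASE,
)

# Paths a standard user can write to; a PE executing or loading from here is
# the proxy for "dropped" (the sandbox sees the drop itself, an EDR does not).
USER_WRITABLE_RE = re.compile(
    r"^C:\\Users\\[^\\]+\\AppData\\|^C:\\Users\\Public\\|"
    r"^C:\\ProgramData\\|\\Temp\\",
    re.IGNORECASE,
)

DROPPER = r"C:\Users\alice\Downloads\invoice.exe"          # constructed
DROPPED = r"C:\Users\alice\AppData\Local\Temp\update.exe"  # constructed
SID = "S-1-5-21-1004336348-1177238915-682003330-1001"      # constructed SID
RUN_VALUE = "HKU\\" + SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater"
NOISE_VALUE = "HKU\\" + SID + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"

# Constructed events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": DROPPED, "ParentImage": DROPPER},
    {"EventID": 7, "Image": DROPPED,
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\helper.dll"},
    {"EventID": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": DROPPED},
    {"EventID": 13, "Image": DROPPED, "TargetObject": RUN_VALUE, "Details": DROPPED},
    # Benign noise that must not fire.
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": NOISE_VALUE, "Details": "DWORD (0x00000001)"},
]


def classify(event):
    """Return the report behaviours that this single event matches."""
    hits = []
    eid = event.get("EventID")
    image = event.get("Image", "")
    if eid == 1:  # process creation
        if image.lower().endswith("\\powershell.exe"):
            hits.append("Command and Scripting Interpreter: PowerShell")
        elif USER_WRITABLE_RE.search(image):
            hits.append("Executes dropped EXE")
    elif eid == 7:  # image load
        loaded = event.get("ImageLoaded", "")
        if loaded.lower().endswith(".dll") and USER_WRITABLE_RE.search(loaded):
            hits.append("Loads dropped DLL")
    elif eid == 13:  # registry value set
        if RUN_KEY_RE.search(event.get("TargetObject", "")):
            hits.append("Adds Run key to start application")
    return hits


def triage(events):
    """Aggregate over an event stream: behaviour -> list of process images."""
    findings = {}
    for ev in events:
        for behaviour in classify(ev):
            findings.setdefault(behaviour, []).append(ev.get("Image", ""))
    return findings


if __name__ == "__main__":
    for behaviour, images in triage(SAMPLE_EVENTS).items():
        print(f"{behaviour}: {sorted(set(images))}")
```

Two of the report's signatures are deliberately absent from the rules: Sysmon has no event for a registry read (the Geo\Nation country-code lookup) or for a file-attribute change (setting the hidden bit), so those behaviours are only visible in the sandbox or via API-level hooks, not in this kind of telemetry.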
