General

  • Target

    9e732444ef2b82c4f8206161c2a803483e13fd006e9588c29c432c421eff454c

  • Size

    1.7MB

  • Sample

    241117-jrn97syrer

  • MD5

    17f64dc134d35424e2227da435bec71f

  • SHA1

    f005f51acaa6eb3e4f06ef5ccd5f2f85d1bbf719

  • SHA256

    9e732444ef2b82c4f8206161c2a803483e13fd006e9588c29c432c421eff454c

  • SHA512

    db44e46733e78cd199bfa348a8f02223767033dc6a2947542344ac4bbcda60c69cbae966d95a85b06c6f64bfcc1d4861fe8cbe7bd499df5cb8d9766a4d46c8a7

  • SSDEEP

    12288:Xvk//qKF76/OXpqSjnTf0clY9uWC+RMpk1OC7HmrWcmbQC5onsYi2oSu:s1zltpu0iz

Targets

    • Target

      9e732444ef2b82c4f8206161c2a803483e13fd006e9588c29c432c421eff454c

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
