General

  • Target

    dc3d33260077d68642105f0aa26aa06c0bb2bbc121270d5cfc180f20c006b459

  • Size

    293KB

  • Sample

    241117-lwsvas1qam

  • MD5

    a4c7e3f54f3b8c544ade4cee352b63e4

  • SHA1

    31b94efa89c10fd65e9a00387437eba7e758f491

  • SHA256

    dc3d33260077d68642105f0aa26aa06c0bb2bbc121270d5cfc180f20c006b459

  • SHA512

    1a15968909d53f79b1183acc8e0bc71d94444cff36ed0e5a7d185cdee9e88faacba68f1495a5ef335878a1e8a4acddc72e1617da71b4d04c2133bd45d6160954

  • SSDEEP

    6144:g750HizPy7n+g47wSAr2QxMcnpjRBM8Aat6E5PB0beIwa2pX8EIHBZrfxoS4iJD:Diz+n87tArhxVjVAA6aPBwSXrk7rJoSl

Malware Config

Targets

    • Target

      dc3d33260077d68642105f0aa26aa06c0bb2bbc121270d5cfc180f20c006b459

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.
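As an added triage example (not part of this report and not code from the sandbox that produced it), the Python below verifies a candidate file against the hashes listed above and then checks the PE section table for the usual UPX indicators: the stock UPX0/UPX1 section names and the "UPX!" pack-header magic. The PE skeleton returned by `build_fake_pe` is constructed test input, not the sample; the script name `triage_check.py` is an assumption.

```python
import hashlib
import struct

# Hashes listed in this report for the sample.
REPORTED = {
    "md5": "a4c7e3f54f3b8c544ade4cee352b63e4",
    "sha1": "31b94efa89c10fd65e9a00387437eba7e758f491",
    "sha256": "dc3d33260077d68642105f0aa26aa06c0bb2bbc121270d5cfc180f20c006b459",
    "sha512": "1a15968909d53f79b1183acc8e0bc71d94444cff36ed0e5a7d185cdee9e88faa"
              "cba68f1495a5ef335878a1e8a4acddc72e1617da71b4d04c2133bd45d6160954",
}

# Section names written by stock UPX; modified builds often rename them.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1", ".UPX2"}


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists, hex-encoded."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORTED}


def matches_report(data: bytes) -> dict:
    """Per-algorithm True/False: does this file match the sample in the report?"""
    computed = file_hashes(data)
    return {algo: computed[algo] == REPORTED[algo] for algo in REPORTED}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table.
    Returns [] for anything that is not a parseable PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if len(data) < e_lfanew + 24 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt        # 4-byte signature + 20-byte COFF header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40:table + i * 40 + 8]   # IMAGE_SECTION_HEADER is 40 bytes
        if len(raw) < 8:
            break                                        # truncated section table
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic: stock UPX section names, or the 'UPX!' pack-header magic."""
    if any(name in UPX_SECTION_NAMES for name in pe_section_names(data)):
        return True
    return b"UPX!" in data


def build_fake_pe(section_names) -> bytes:
    """Constructed test input: a bare header skeleton, not the sample on this page."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)   # 64-byte DOS header
    size_opt = 0xE0                                             # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + b"\0" * size_opt + sections


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read()
    print("hash match:", matches_report(blob))
    print("sections:", pe_section_names(blob))
    print("UPX indicators:", looks_upx_packed(blob))
```

Run it as `python3 triage_check.py <file>` against the file you pulled from the sandbox. A negative result from the section-name check alone is not conclusive, since the report's own signature text already allows for modified UPX builds, which commonly rename the sections and may strip the "UPX!" marker; a positive hash match is the only result here that identifies the file as this exact sample.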

MITRE ATT&CK Enterprise v15

Tasks