General

  • Target

    0e9e692fec30be3c4c6d61d3ac926adae05a1ba55cd9374a3080d07bcd35dbaa.exe

  • Size

    17.0MB

  • Sample

    241121-gf3x4syemc

  • MD5

    96bf35f133c4c351e259d425d9596124

  • SHA1

    58684797094fac1b895a4b61640b26b3d2996ac4

  • SHA256

    0e9e692fec30be3c4c6d61d3ac926adae05a1ba55cd9374a3080d07bcd35dbaa

  • SHA512

    48267b65bfc3daea9a34108a548d18d09b9096d574a35ccf3e4c864077451471e86bfb4d4139c263186964c9e8b1b5e951fe96d533d7b09353a737f0c5075a05

  • SSDEEP

    6144:NLb1zp2t2koczX3GIf4O4kLsyuVKHwNsFq4hsbboPNv4Mz3wLgOIAfMdPCds2eU0:oBfZ4LAwekIZvOIw0CdgoOwM

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks