General
-
Target
Loaderunpac4.exe
-
Size
1.1MB
-
Sample
241121-p126basgnn
-
MD5
2e2169e859d21c8b8d56ab4f8c732a12
-
SHA1
e4b06667879a7fa15d3e4f0d63b0014bd6c701fa
-
SHA256
56258a7cce841ad3b4b8fba3e980a5ed1b13213bca684a81d3295b04803cb8ba
-
SHA512
5326c36ea2d381d8efe41b0ddac95f8bff9225411c3905489ab4b8081e1c666a99a662f24de842cac800541cbc5a338476c41804600792519a07064cc95df16f
-
SSDEEP
24576:9u9MQzEf7H539Fc7eApy0Qu0Xiok9VQSnJULVqtIZo3:HQwzB9FRX0919zNtI
Static task
static1
Behavioral task
behavioral1
Sample
Loaderunpac4.exe
Resource
win10ltsc2021-20241023-en
Malware Config
Targets
-
-
Target
Loaderunpac4.exe
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)