General
- Target: sample
- Size: 519KB
- Sample: 241121-vg12ssyjfl
- MD5: 40660850dabbd015070501642a895ea6
- SHA1: 3758f4b3a6a7662559af3e9b13c02161bdaa572f
- SHA256: 63a29ed055327bdf041900570b08e0ba234316631a2bf18b3afec386c762975b
- SHA512: e5cfb4350a1f6e82f92bdd9fb855e51295fa54878e2a4187616676b9b1bd6c9885a4d53fc92233c089c74fe4e0f22abcd1cb1ecf58d775f3cc16b248dbbc9335
- SSDEEP: 6144:6xo5+y5+i5+J5+Y5+x5+Z5+15+25+Y5+2LLDh9:6q5Z5n5I575M545G5t5B5Ph9
Static task
- static1
Behavioral task
- behavioral1: sample.html (resource: win7-20241010-en)
- behavioral2: sample.html (resource: win10v2004-20241007-en)
Malware Config
Targets
- Target: sample (519KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- Downloads MZ/PE file
- Modifies Windows Firewall
- A potential corporate email address has been identified in the URL: RobotoSlabwght@900 (heuristic string match; the value has the form of a font-weight query parameter rather than a mailbox)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Drops file in System32 directory
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)
- Event Triggered Execution (1): Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)
- Event Triggered Execution (1): Netsh Helper DLL (1)
Defense Evasion
- Impair Defenses (2): Disable or Modify System Firewall (1)
- Modify Registry (2)