General

  • Target

    9a891c9f5af6ee82167e5bda6995d6c283f4c5d0972d2f349e5d7ac4f20545ef

  • Size

    4.8MB

  • Sample

    241122-fryl4a1kbm

  • MD5

    afae6de1734adf4d3f2f771d0dcd29ab

  • SHA1

    176f4cec23d9c252384906384ae06420d12cdaf5

  • SHA256

    9a891c9f5af6ee82167e5bda6995d6c283f4c5d0972d2f349e5d7ac4f20545ef

  • SHA512

    0d6e3bc9dac5aa5b99caf2af20c7f5a3825d3f4482a1b7157d1e9d97c3af8763229f7737b953787decc46db7cf63a9fe1e8b97f3a56a8b7ea1fe37d8c63de8b6

  • SSDEEP

    98304:Ogtuj9fv6/BZXxkI4PG1f5eLM/Cw/khc5FbKEQ26PVR7m6gZ1MRGNCyI5AxV300m:3iuBZBkIhheLM/Cw/khc5FbKEV6PVR7p

Targets

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15
