General

  • Target

    3a588b6fc7d66a122adc5f3c54af44e3ccbb8c838a97ef50a700503725135bbf

  • Size

    5.5MB

  • Sample

    241126-1vjybsyjfl

  • MD5

    f76848eea998d73bdb1bb808a7526686

  • SHA1

    cce025a7112536ace2f92da5e46828d268339ab7

  • SHA256

    3a588b6fc7d66a122adc5f3c54af44e3ccbb8c838a97ef50a700503725135bbf

  • SHA512

    9fd839734326de1dfc9fd144b1fc113be0068185687baafbebed7b7831cdcd322a149f5c3b42c2c37876aec4f510171990d293e864b0907a08b595e5fc4c4da5

  • SSDEEP

    98304:q4sVoAHIDycLz+i0OAy0AZn8YMT40RWVSEOr0mxnmLsP2PUDgCEGYeXIK2hrhKH:tsVtaLCis+RYlRjEcMDP2g7aXI94

Malware Config

Targets

    • Disables service(s)

    • UAC bypass

    • Command and Scripting Interpreter: PowerShell

      Runs a command through powershell.exe.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to add Windows Defender exclusions for file extensions, paths and processes, so that files matching them are no longer scanned.

    • Modifies Windows Firewall

    • Possible privilege escalation attempt

    • Stops running service(s)

    • A potential corporate email address has been identified in the URL: c@s (the match is too short to be a real address and is most likely a false positive of this signature)

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer.
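
The signatures above (PowerShell invocation, Defender exclusions, firewall changes, service stops, Run-key persistence and the country-code lookup) are what a detection engineer would turn into command-line rules. The following is an added example by the editor, not part of the sandbox report or its signature engine: it maps process-creation or PowerShell script-block log lines to those behaviours and to the MITRE ATT&CK technique ids the editor associates with them. The rules, the regular expressions, the registry path assumed for the country-code check (HKCU\Control Panel\International\Geo) and the LOGS fixture are all the editor's; LOGS is constructed, not captured from this sample.

```python
"""Added example (not part of the sandbox report): map process-creation /
PowerShell script-block log lines to the behaviours listed in the report.
RULES, the technique ids and the LOGS fixture are the editor's own; LOGS is
constructed and was not captured from the analysed sample."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    technique: str       # MITRE ATT&CK Enterprise technique id (editor's mapping)
    pattern: re.Pattern


RULES = (
    Rule("PowerShell invoked", "T1059.001",
         re.compile(r"\bpowershell(\.exe)?\b", re.I)),
    # Add-MpPreference appends an exclusion, Set-MpPreference overwrites the list;
    # both are tampering when they come from an untrusted process.
    Rule("Defender exclusion added (path/extension/process)", "T1562.001",
         re.compile(r"\b(Add|Set)-MpPreference\b.*-Exclusion(Path|Extension|Process)\b", re.I)),
    Rule("Windows Firewall modified", "T1562.004",
         re.compile(r"\bnetsh(\.exe)?\s+advfirewall\b|\b(New|Set|Remove)-NetFirewall(Rule|Profile)\b", re.I)),
    Rule("Service stopped or disabled", "T1489",
         re.compile(r"\bsc(\.exe)?\s+(stop|delete|config)\b|\bnet(\.exe)?\s+stop\b|\bStop-Service\b", re.I)),
    Rule("Run key persistence", "T1547.001",
         re.compile(r"\\CurrentVersion\\Run(Once)?\b", re.I)),
    # Assumption: the geofence check reads the Geo key under Control Panel\International.
    Rule("Locale / country code lookup (possible geofence)", "T1614",
         re.compile(r"Control Panel\\International\\Geo\b", re.I)),
)

# Constructed command lines in the shape of Sysmon Event ID 1 / PowerShell 4104 data.
LOGS = [
    r'powershell.exe -nop -w hidden -c "Add-MpPreference -ExclusionPath C:\ProgramData\svc -ExclusionExtension .exe -ExclusionProcess svc.exe"',
    r'netsh.exe advfirewall firewall add rule name="svc" dir=in action=allow program="C:\ProgramData\svc\svc.exe"',
    r'sc.exe stop WinDefend',
    r'reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v svc /t REG_SZ /d C:\ProgramData\svc\svc.exe',
    r'reg.exe query "HKCU\Control Panel\International\Geo" /v Nation',
    r'powershell.exe -c Get-MpPreference',      # read-only: only the PowerShell rule fires
    r'C:\Windows\explorer.exe',                 # benign control line
]


def scan(lines):
    """Return (line_no, rule_name, technique) for every rule each line matches."""
    hits = []
    for no, line in enumerate(lines, 1):
        for rule in RULES:
            if rule.pattern.search(line):
                hits.append((no, rule.name, rule.technique))
    return hits


def techniques(hits):
    """Distinct technique ids seen, sorted, for a quick ATT&CK summary."""
    return sorted({tech for _, _, tech in hits})


if __name__ == "__main__":
    for no, name, tech in scan(LOGS):
        print(f"line {no}: {tech} {name}")
    print("techniques:", ", ".join(techniques(scan(LOGS))))
```

The PowerShell rule on its own is noise on any administered host; the exclusion, firewall and service rules are the high-signal ones and should be alerted on when the parent process is not an administrative tool. Matching cmdlet names in command lines misses encoded or obfuscated invocations, so the same rules should also be run over PowerShell Script Block Logging (Event ID 4104), where the decoded script text is recorded.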

MITRE ATT&CK Enterprise v15

Tasks