General
-
Target
98ddddb682269bfc21be18eb4fe0fb3251fe282e050ea9b598b66d20c32c1c45N.exe
-
Size
293KB
-
Sample
241203-t8424atnex
-
MD5
f4ba013db8f239ada3030a709295d370
-
SHA1
365f4d2e5b1bed7cb215bad5231247bf2fe968d7
-
SHA256
98ddddb682269bfc21be18eb4fe0fb3251fe282e050ea9b598b66d20c32c1c45
-
SHA512
3b795de69d5ebe5ada56bbb3e66f10aa0a43655a4eca4a82f1ee089a543d6b03120d5b8c56c0a3636e4e84761dde901c0f91081f17b906816829553f20de151e
-
SSDEEP
6144:g750HizPy7n+g47wSAr2QxMcnpjRBM8Aat6E5PB0beIwa2pX8EIHBZrfxoS4iJo:Diz+n87tArhxVjVAA6aPBwSXrk7rJoSi
Malware Config
Targets
-
-
Target
98ddddb682269bfc21be18eb4fe0fb3251fe282e050ea9b598b66d20c32c1c45N.exe
-
Size
293KB
-
MD5
f4ba013db8f239ada3030a709295d370
-
SHA1
365f4d2e5b1bed7cb215bad5231247bf2fe968d7
-
SHA256
98ddddb682269bfc21be18eb4fe0fb3251fe282e050ea9b598b66d20c32c1c45
-
SHA512
3b795de69d5ebe5ada56bbb3e66f10aa0a43655a4eca4a82f1ee089a543d6b03120d5b8c56c0a3636e4e84761dde901c0f91081f17b906816829553f20de151e
-
SSDEEP
6144:g750HizPy7n+g47wSAr2QxMcnpjRBM8Aat6E5PB0beIwa2pX8EIHBZrfxoS4iJo:Diz+n87tArhxVjVAA6aPBwSXrk7rJoSi
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3