General

  • Target

    gz ruler v7.Scr

  • Size

    3.7MB

  • Sample

    241208-1rvweszkdm

  • MD5

    316d623d9437ddbd4ef778596750ea46

  • SHA1

    f327c665c00a051b1675592802aa0d15552933cf

  • SHA256

    82b0f65acaf8ba96c879a3d16acf525b60529a0fc9f02d7efad59c04653f0e97

  • SHA512

    0f017e3a4e5e933c882c6b632bc27518352ffd60f3480362e8625bc95f20fea8990450fc4a9a6fe36a3eb3c17809aad78fb5b6ff03532261aeed7b4bc90bba9a

  • SSDEEP

    49152:N7evlixp+SNMbqmuPomyp+Hnf/Mageqs6X/TkZWI9Ebddx:NCvZuPMoctq

Malware Config

Targets

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks