General

  • Target

    2f9103bbdc0c6c128c700d5283391fb7a27604c6de4b2506784eb077138fc47b.exe

  • Size

    29KB

  • Sample

    250108-fanessxjak

  • MD5

    d816435436eae852ee91efc702c79146

  • SHA1

    f448c6eb4839c1b4eb35b89abbc47372e92ef953

  • SHA256

    2f9103bbdc0c6c128c700d5283391fb7a27604c6de4b2506784eb077138fc47b

  • SHA512

    63afa52572c72436164db9d90297954657704583416474ab6474187953689d4e4972c6b3e38015ccf479202e6e63f7211dc2a31e3d94936906189c5d20be7d0b

  • SSDEEP

    384:tH9uazHF/2Q1Yvq/ZfHFh50PBdI6yctItwqXIcLc5IxmyOk+yzpasZAz5obwJTIf:tdN1vHv5J6yctstBQ+L29JTu7h

Malware Config

Targets

    • UAC bypass

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks