General
-
Target
2f9103bbdc0c6c128c700d5283391fb7a27604c6de4b2506784eb077138fc47b.exe
-
Size
29KB
-
Sample
250108-fanessxjak
-
MD5
d816435436eae852ee91efc702c79146
-
SHA1
f448c6eb4839c1b4eb35b89abbc47372e92ef953
-
SHA256
2f9103bbdc0c6c128c700d5283391fb7a27604c6de4b2506784eb077138fc47b
-
SHA512
63afa52572c72436164db9d90297954657704583416474ab6474187953689d4e4972c6b3e38015ccf479202e6e63f7211dc2a31e3d94936906189c5d20be7d0b
-
SSDEEP
384:tH9uazHF/2Q1Yvq/ZfHFh50PBdI6yctItwqXIcLc5IxmyOk+yzpasZAz5obwJTIf:tdN1vHv5J6yctstBQ+L29JTu7h
Static task
static1
Behavioral task
behavioral1
Sample
2f9103bbdc0c6c128c700d5283391fb7a27604c6de4b2506784eb077138fc47b.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
2f9103bbdc0c6c128c700d5283391fb7a27604c6de4b2506784eb077138fc47b.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
2f9103bbdc0c6c128c700d5283391fb7a27604c6de4b2506784eb077138fc47b.exe
-
Size
29KB
-
MD5
d816435436eae852ee91efc702c79146
-
SHA1
f448c6eb4839c1b4eb35b89abbc47372e92ef953
-
SHA256
2f9103bbdc0c6c128c700d5283391fb7a27604c6de4b2506784eb077138fc47b
-
SHA512
63afa52572c72436164db9d90297954657704583416474ab6474187953689d4e4972c6b3e38015ccf479202e6e63f7211dc2a31e3d94936906189c5d20be7d0b
-
SSDEEP
384:tH9uazHF/2Q1Yvq/ZfHFh50PBdI6yctItwqXIcLc5IxmyOk+yzpasZAz5obwJTIf:tdN1vHv5J6yctstBQ+L29JTu7h
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
3