General

  • Target

    4d4ea1e5a8df3cc0293e817c0154cbe8cedeab29a814470e3872aae81c096cfa

  • Size

    1.8MB

  • Sample

    250502-nmdp5atjs8

  • MD5

    1a2b24aaf09218833fcaac9977e21ac3

  • SHA1

    0305572c33252229c2d9231c4be7060f68cba09d

  • SHA256

    4d4ea1e5a8df3cc0293e817c0154cbe8cedeab29a814470e3872aae81c096cfa

  • SHA512

    a3c39ccaf4c2bdd03d81b7a55bd29ac25fed38870580026e03daaabd315b2bc2717cf76c167eb92fe09e32119c76cf4690752f004998341fbd61d23a073f1392

  • SSDEEP

    24576:ffuE/xVLerKnBd+2Y+jYhnRnLHgKjKz6swP3egWivhnwk7enF3tUrHTGQcCXaiAu:ffuE/xBwKr0nBjdXVvuF3CbTGQdqM

Targets

    • Modifies boot configuration data using bcdedit

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16
