General

  • Target

    111c45343eae3a2b74c4bfc182eedebf499aca82b909756d6f54638b6cb606a2

  • Size

    1.6MB

  • Sample

    250502-npfbqstjx4

  • MD5

    6c48597b88b7c31038c052c1e1aa5a47

  • SHA1

    29c05c31c226e6d8dad8fb571ea950149c8e6abf

  • SHA256

    111c45343eae3a2b74c4bfc182eedebf499aca82b909756d6f54638b6cb606a2

  • SHA512

    c85dc612fc8484423aeb85cdc94a1acfe16599b1167f53c2b3d1c0325b17e37771a83e45ba1a66037472a147ea6fda13b558a57a8b48538763ff1aadc4e04ff9

  • SSDEEP

    49152:AfMzLxPMP0rifWd5hVvuF3CbTGQdqMBE:dlgS/GvMBE

Malware Config

Targets

    • Modifies boot configuration data using bcdedit

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v16

Tasks