General
Target: efc0c9ee9fb0ef617c3d8cb29a50c650.exe
Size: 11.1MB
Sample: 250514-ns3lfahj4w
MD5: efc0c9ee9fb0ef617c3d8cb29a50c650
SHA1: e84f0ba3f990560ae5ba860583c20c02b81a7165
SHA256: e1f3bab1feda99d93daa4fd9bba80000aa4231d17d03b79db07b132b8c014c80
SHA512: 81cb184a62cb8375ea6c8f714a75e0e61a84d5b7d6a0552551fbabacb1b2eba71e8f30dc4488556942483f4c6055822a2e0436674539b16c0a6599b373669772
SSDEEP: 196608:blMR8+2bq8pGOiFXPcA0WwDQIdsAveFhFu0nD71d2BQfGTw:bcf2RGOyPcgQQCvezDnD71d8Kcw
Malware Config
Targets
Target: efc0c9ee9fb0ef617c3d8cb29a50c650.exe
- Rms family
- Adds Run key to start application
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v16
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
Defense Evasion
- Modify Registry (2)
- Subvert Trust Controls (1)
- Install Root Certificate (1)