Overview

overview

10

Static

static

b11fa73625...33.exe

windows7_x64

10

b11fa73625...33.exe

windows10-2004_x64

10

Resubmissions

07-01-2024 18:07

240107-wqj1bacef6 10

15-01-2022 08:36

220115-khlcmadggr 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b11fa73625d6cba3dd6cf98467aea533.exe

  • Size

    419KB

  • Sample

    220115-khlcmadggr

  • MD5

    b11fa73625d6cba3dd6cf98467aea533

  • SHA1

    004d3169fb9b2b6daeec6425f6da98c99a3b63e0

  • SHA256

    d9cdd267e3c00ae4f70e60a45aa03f22b1a59b42526a692d0e5bde6b5f1b99d4

  • SHA512

    2bba5cfaeec13bda9ffb03a16d1c2af9d85be0ec13b00d9f79e3c4ffbd334a7db00addb5b52b4f89a84a8a57349e29115d93532f866d37b9914c6b832247fdea

Score
10/10
onlyloggerloader

Malware Config

Targets

    • Target

      b11fa73625d6cba3dd6cf98467aea533.exe

    • Size

      419KB

    • MD5

      b11fa73625d6cba3dd6cf98467aea533

    • SHA1

      004d3169fb9b2b6daeec6425f6da98c99a3b63e0

    • SHA256

      d9cdd267e3c00ae4f70e60a45aa03f22b1a59b42526a692d0e5bde6b5f1b99d4

    • SHA512

      2bba5cfaeec13bda9ffb03a16d1c2af9d85be0ec13b00d9f79e3c4ffbd334a7db00addb5b52b4f89a84a8a57349e29115d93532f866d37b9914c6b832247fdea

    Score
    10/10
    onlyloggerloader

    • OnlyLogger

      A tiny loader that uses IPLogger to get its payload.

      loaderonlylogger

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • OnlyLogger Payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks