5536d8e31ee96b4cdfbd1a1b485cb13960f01ddf218ee8d17f42f5f02b41d68e | Triage

Resubmissions

07-07-2022 07:45

220707-jlmt7afdal 10

07-04-2022 05:16

220407-fx5btsbhf2 8

Sharing

General

Target

BstNiggaStub.exe
Size

1017KB
Sample

220407-fx5btsbhf2
MD5

6a63a4741f5d8561a08069dab3c9afbc
SHA1

4cceb4ccf7a1d488bc7a4b67ced920c7fcbec8a2
SHA256

5536d8e31ee96b4cdfbd1a1b485cb13960f01ddf218ee8d17f42f5f02b41d68e
SHA512

1afc1ec86a900827257b7fff7f2a598a0b35ef3f489a7ea11fe0d6a130335550ac6032a18e2c425429e06aae52ed89c84697ac9d12b3080cc2ee9b95b9ca9dab

Score

8^/10

Malware Config

Targets

- Target
  
  BstNiggaStub.exe
- Size
  
  1017KB
- MD5
  
  6a63a4741f5d8561a08069dab3c9afbc
- SHA1
  
  4cceb4ccf7a1d488bc7a4b67ced920c7fcbec8a2
- SHA256
  
  5536d8e31ee96b4cdfbd1a1b485cb13960f01ddf218ee8d17f42f5f02b41d68e
- SHA512
  
  1afc1ec86a900827257b7fff7f2a598a0b35ef3f489a7ea11fe0d6a130335550ac6032a18e2c425429e06aae52ed89c84697ac9d12b3080cc2ee9b95b9ca9dab
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2