Overview

overview

7

Static

static

169266e000...ce.exe

windows10_x64

7

169266e000...ce.exe

windows10-2004_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    169266e0000.XtuService.exe

  • Size

    63KB

  • Sample

    220514-v5mjbaddaj

  • MD5

    9c17b6cf55318ae2e38a22b76b7bcc57

  • SHA1

    1bf678ba71efee24a643ec62eebc8a1b4dc483e5

  • SHA256

    09ae5883895f3172b7678f4850a18663e3233b34c91801fa06a25136e53d3b2a

  • SHA512

    5a2273e0093ec0e0e77ca752beb1d36b0595732eacc919280dcc75d30520dd301ebeb68adf67ff37af8aefdb90d34f5cbc02991f98efb93ce8b28cccea5dd53c

Score
7/10
microsoftpersistencephishing

Malware Config

Targets

    • Target

      169266e0000.XtuService.exe

    • Size

      63KB

    • MD5

      9c17b6cf55318ae2e38a22b76b7bcc57

    • SHA1

      1bf678ba71efee24a643ec62eebc8a1b4dc483e5

    • SHA256

      09ae5883895f3172b7678f4850a18663e3233b34c91801fa06a25136e53d3b2a

    • SHA512

      5a2273e0093ec0e0e77ca752beb1d36b0595732eacc919280dcc75d30520dd301ebeb68adf67ff37af8aefdb90d34f5cbc02991f98efb93ce8b28cccea5dd53c

    Score
    7/10
    microsoftphishingpersistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks