b71b505560473d91f00e5f4d3f618851a775e7c70f7cf1fe3759cde75c6bf4e4 | Triage

Submit
Reports

Overview

overview

Static

static

R3P4CK/Setup.exe

windows7_x64

R3P4CK/Setup.exe

windows10-2004_x64

Sharing

General

Target

b71b505560473d91f00e5f4d3f618851a775e7c70f7cf1fe3759cde75c6bf4e4.rar
Size

3.0MB
Sample

220514-wb81wsdddn
MD5

b6626f9497dd9d5d77bb4dd4c7f77acf
SHA1

7cb50e969fba95e4e5cccedb90a301f82b8edaed
SHA256

b71b505560473d91f00e5f4d3f618851a775e7c70f7cf1fe3759cde75c6bf4e4
SHA512

ea08db4c2de47debc3483f0134b78f1d266cce4cbec4865c992d82a1c5e3e84f62092841c6631f2784e84784b6256e7619d279d97786e300a464576d893966d2

Score

10^/10

discovery evasion exploit

Static task

static1

Behavioral task

behavioral1

Sample

R3P4CK/Setup.exe

Resource

win7-20220414-en

discovery evasion exploit

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

R3P4CK/Setup.exe

Resource

win10v2004-20220414-en

discovery evasion exploit

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  R3P4CK/Setup.exe
- Size
  
  658.7MB
- MD5
  
  92f830b3101bd309b56d590e99578fc8
- SHA1
  
  f7c6e74ab4f63f09fc062657c5c404139e4de3d7
- SHA256
  
  b839a60d0cff7126b15cb0396f563d577fe4ed39cf7827228fa92bf2e5a8505f
- SHA512
  
  8cdd25d2ee551d26d4202ef210ed7d2eb01daea26193a4a332e703edf663a4a41808eb2bd661ff376216b23efc5c01729236599aae4227a22d71bf52ac9010af
Score

10^/10

discovery evasion exploit
- Modifies security service
  evasion
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexploit

behavioral2

discoveryevasionexploit

© 2018-2024

Terms | Privacy