2917d37a1531a370ed83705fac885ab8aa568886a326cf6233073436bdd2585e | Triage

Submit
Reports

Overview

overview

Static

static

8

2691ac49a4...ba.exe

windows10-2004_x64

Sharing

General

Target

2691ac49a444378f3c668c7eaaf0e0e0abf95c5c3053a516b3f9a78c9a8885ba.zip
Size

6.1MB
Sample

220518-a971labcf9
MD5

1f3c765913617a01d4954e13142589e8
SHA1

28269a052b131d1455c2e194037be1fd3b29b91a
SHA256

2917d37a1531a370ed83705fac885ab8aa568886a326cf6233073436bdd2585e
SHA512

5f0db96856854ea4ba62596f1114ec3958f259c669915f32fb4411f7959ccf4436760d7d63ca25f0f50dee0463cf13740bf7df0d4ce9414eedfdf24c02181d74

Score

10^/10

pyinstaller upx

Static task

static1

Behavioral task

behavioral1

Sample

2691ac49a444378f3c668c7eaaf0e0e0abf95c5c3053a516b3f9a78c9a8885ba.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://supportnimbuzz.hexat.com/3/Att.jpg

Targets

- Target
  
  2691ac49a444378f3c668c7eaaf0e0e0abf95c5c3053a516b3f9a78c9a8885ba.exe
- Size
  
  6.1MB
- MD5
  
  5f9e61796a21e65f9a03f92ee6a8f6d8
- SHA1
  
  d6032fd04db0fbb6195b6e8d31491a3fc289f1ce
- SHA256
  
  2691ac49a444378f3c668c7eaaf0e0e0abf95c5c3053a516b3f9a78c9a8885ba
- SHA512
  
  402ed4a2a376621e2674f1539c9ec6ac85b9118cb2133054ea2d960e98bf06efdd12b50f135841872450d3e07c231d2b6d8cab91315f05771226ec2546596eeb
Score

10^/10

pyinstaller
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy