Overview

overview

8

Static

static

3

e5a2c3bbb2...4d.exe

windows7_x64

8

e5a2c3bbb2...4d.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e5a2c3bbb2aaddeeb92588bb899887c5d64f2cbc00dfe4b15afceb8f39dda04d

  • Size

    9.4MB

  • Sample

    220521-xarwnabcg7

  • MD5

    ba422a4872c96c11750ad2e27b10c76f

  • SHA1

    af3016b0a983ff753ce15bc963da1ba412cf0567

  • SHA256

    e5a2c3bbb2aaddeeb92588bb899887c5d64f2cbc00dfe4b15afceb8f39dda04d

  • SHA512

    ed4ec3d6f45b46524d60f1d39418208bd890d60df36aa47348bad72bb46f29e749c829c93a552e2f53c1d7cb60813947759891ddd8b2696f65afa2ca720e471c

Score
8/10
pyinstaller

Malware Config

Targets

    • Target

      e5a2c3bbb2aaddeeb92588bb899887c5d64f2cbc00dfe4b15afceb8f39dda04d

    • Size

      9.4MB

    • MD5

      ba422a4872c96c11750ad2e27b10c76f

    • SHA1

      af3016b0a983ff753ce15bc963da1ba412cf0567

    • SHA256

      e5a2c3bbb2aaddeeb92588bb899887c5d64f2cbc00dfe4b15afceb8f39dda04d

    • SHA512

      ed4ec3d6f45b46524d60f1d39418208bd890d60df36aa47348bad72bb46f29e749c829c93a552e2f53c1d7cb60813947759891ddd8b2696f65afa2ca720e471c

    Score
    8/10
    pyinstaller

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Drops startup file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks