Overview

overview

8

Static

static

43ba5589c7...fa.exe

windows7_x64

8

43ba5589c7...fa.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    43ba5589c7129f5fd0fe309b51132240f5cdd74d0e3952ab8c48ca182e7c33fa

  • Size

    8.0MB

  • Sample

    220524-t98rnshhg4

  • MD5

    cb665cf3339786325c707e867d269b2c

  • SHA1

    b310b4681b620aa84abd1b2c149cf11c60ca0bf4

  • SHA256

    43ba5589c7129f5fd0fe309b51132240f5cdd74d0e3952ab8c48ca182e7c33fa

  • SHA512

    1fcb43a643a26d5ad510b21f9242b9cb7f6afba78af079e87329e2ebfadd88e33a7853ab821b8413b33d7dcb78815ae2ae6f0da67cb78cbf8a4ed152830d8aa1

Score
8/10
pyinstaller

Malware Config

Targets

    • Target

      43ba5589c7129f5fd0fe309b51132240f5cdd74d0e3952ab8c48ca182e7c33fa

    • Size

      8.0MB

    • MD5

      cb665cf3339786325c707e867d269b2c

    • SHA1

      b310b4681b620aa84abd1b2c149cf11c60ca0bf4

    • SHA256

      43ba5589c7129f5fd0fe309b51132240f5cdd74d0e3952ab8c48ca182e7c33fa

    • SHA512

      1fcb43a643a26d5ad510b21f9242b9cb7f6afba78af079e87329e2ebfadd88e33a7853ab821b8413b33d7dcb78815ae2ae6f0da67cb78cbf8a4ed152830d8aa1

    Score
    8/10
    pyinstaller

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks