Overview

overview

8

Static

static

268e4e1c4e...c8.exe

windows7_x64

8

268e4e1c4e...c8.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    268e4e1c4e61bc89283c93047d0fba862924f7ddf7df392113227da395c85fc8

  • Size

    200KB

  • Sample

    220616-jyq3daaafk

  • MD5

    16851e27cb69503a58d0b529be90e696

  • SHA1

    3b9b3f0fe818817a82a9c88dda6af9db59af3634

  • SHA256

    268e4e1c4e61bc89283c93047d0fba862924f7ddf7df392113227da395c85fc8

  • SHA512

    2cf701f1125b570049fe2a570ef7cd904e310100ff1010fc355e181464a5d952138291dd4196ae76b9748f71edc4b6dc990d198cb0a1e72482b01e7701faf77c

Score
8/10
persistence

Malware Config

Targets

    • Target

      268e4e1c4e61bc89283c93047d0fba862924f7ddf7df392113227da395c85fc8

    • Size

      200KB

    • MD5

      16851e27cb69503a58d0b529be90e696

    • SHA1

      3b9b3f0fe818817a82a9c88dda6af9db59af3634

    • SHA256

      268e4e1c4e61bc89283c93047d0fba862924f7ddf7df392113227da395c85fc8

    • SHA512

      2cf701f1125b570049fe2a570ef7cd904e310100ff1010fc355e181464a5d952138291dd4196ae76b9748f71edc4b6dc990d198cb0a1e72482b01e7701faf77c

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Modifies AppInit DLL entries

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks