General

  • Size

    23KB

  • Sample

    220923-g3a6lshceq

  • MD5

    e741d5bfc78ea9002c079dc8aeee3a19

  • SHA1

    67e008479b7b59af8af6a697a9a8631f8973ed0a

  • SHA256

    3dcc436b69d621e1d71123ac70836d6f861ba82fc6551390d6702a9670d07767

  • SHA512

    e8dd44773abfc86de1a234e33b850b86d762d32232c056b5362857b9f6293ade6fd9164a4eb6e88053eefa01415dfd4da49bab29d6d25fd2f0b565745cb9166c

Score
8/10

Malware Config

Targets

    • Target

      Windows_Host.exe

    • Size

      23KB

    • MD5

      e741d5bfc78ea9002c079dc8aeee3a19

    • SHA1

      67e008479b7b59af8af6a697a9a8631f8973ed0a

    • SHA256

      3dcc436b69d621e1d71123ac70836d6f861ba82fc6551390d6702a9670d07767

    • SHA512

      e8dd44773abfc86de1a234e33b850b86d762d32232c056b5362857b9f6293ade6fd9164a4eb6e88053eefa01415dfd4da49bab29d6d25fd2f0b565745cb9166c

    Score
    8/10
    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Registers COM server for autorun

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation