General

  • Target

    32a56b4e67436bdd3d39809a9be949b8.exe

  • Size

    275KB

  • Sample

    220923-gynwxadcg7

  • MD5

    32a56b4e67436bdd3d39809a9be949b8

  • SHA1

    dac60ca2763d18ce9451b28f4d0a1d9fbdc3f4fc

  • SHA256

    5f6475a6d18503fbc2eb916e32ed1d6b4769f58d364ef2f94c2fd1a52c9aa1df

  • SHA512

    70b8dc7b1509cfa3975c97baa4a2b49746fac2438307ab97ae67bdd0e98d2d26e05f2e83c0349234b4deb9314715aea01084fd11e7f77b2d4bba856aa7726e47

  • SSDEEP

    3072:KxWdQMVESKpObIWR9NmLp9yei5KG4ZGYV8cVpFY:KxWGYKg94rJZt

Score
8/10

Malware Config

Targets

    • Target

      32a56b4e67436bdd3d39809a9be949b8.exe

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (1): T1053

  • Persistence

    Scheduled Task (1): T1053

  • Privilege Escalation

    Scheduled Task (1): T1053

  • Discovery

    Query Registry (1): T1012

    System Information Discovery (2): T1082

  • Command and Control

    Web Service (1): T1102

Tasks