Overview

overview

8

Static

static

142af2f3ea...b9.exe

windows7-x64

8

142af2f3ea...b9.exe

windows10-2004-x64

8

Resubmissions

24/09/2022, 01:31

220924-bxk6qsacg3 8

24/09/2022, 00:48

220924-a57h9sbfcn 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    142af2f3ea96882f743fa85f8bdae8faf6c40576c31133c2436c1723b9ac83b9

  • Size

    59KB

  • Sample

    220924-bxk6qsacg3

  • MD5

    50605cc91c5bf2bd2c9ee18ad3b6f2a9

  • SHA1

    d0040705b5fad9463db8796c6dead527e10261a4

  • SHA256

    142af2f3ea96882f743fa85f8bdae8faf6c40576c31133c2436c1723b9ac83b9

  • SHA512

    613fb5da4b32408eece00e39ba7e750b5c8a7be609c35dd1e2f3cfa32fa6b7676d39259190dffddb071f3629fca0300b0e70787009d276a09358e1b3c02d5f3e

  • SSDEEP

    1536:4Zvv+OXSWk0Fx8IS+f/Vjdb06oUab09h6Tiz:Av0Wpx8Ivthb0cab09h6mz

Score
8/10
evasionpersistence

Malware Config

Targets

    • Target

      142af2f3ea96882f743fa85f8bdae8faf6c40576c31133c2436c1723b9ac83b9

    • Size

      59KB

    • MD5

      50605cc91c5bf2bd2c9ee18ad3b6f2a9

    • SHA1

      d0040705b5fad9463db8796c6dead527e10261a4

    • SHA256

      142af2f3ea96882f743fa85f8bdae8faf6c40576c31133c2436c1723b9ac83b9

    • SHA512

      613fb5da4b32408eece00e39ba7e750b5c8a7be609c35dd1e2f3cfa32fa6b7676d39259190dffddb071f3629fca0300b0e70787009d276a09358e1b3c02d5f3e

    • SSDEEP

      1536:4Zvv+OXSWk0Fx8IS+f/Vjdb06oUab09h6Tiz:Av0Wpx8Ivthb0cab09h6mz

    Score
    8/10
    evasionpersistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Registers COM server for autorun

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks