Overview

overview

8

Static

static

Next Space...-1.exe

windows10-1703-x64

8

Next Space...-1.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Next Space Rebels_y7DMS-1.exe

  • Size

    13.9MB

  • Sample

    220924-z9c8nacag5

  • MD5

    4c35e8adb6b921be8b837ad059f06eb0

  • SHA1

    db212b0561733b398136e3d4484d0b5b4a34233d

  • SHA256

    a3fb3df5d8b8911a05430088a300b8ca4bc233f43e0bec3bc9162350718f08e2

  • SHA512

    1e2c978f78d2ad271fe608dbc311492e257cef26ab43af131bdb718ba9c973524a5f30a5a6efdb9b20701d36eba577a511a2b56c206126daf2210eb5e24378d1

  • SSDEEP

    393216:3ZN30LpEiSCC9XSpIFwah3RuINhkUkdOQ9:zkLps9Xhrhhuahkx0Q9

Score
8/10
evasion

Malware Config

Targets

    • Target

      Next Space Rebels_y7DMS-1.exe

    • Size

      13.9MB

    • MD5

      4c35e8adb6b921be8b837ad059f06eb0

    • SHA1

      db212b0561733b398136e3d4484d0b5b4a34233d

    • SHA256

      a3fb3df5d8b8911a05430088a300b8ca4bc233f43e0bec3bc9162350718f08e2

    • SHA512

      1e2c978f78d2ad271fe608dbc311492e257cef26ab43af131bdb718ba9c973524a5f30a5a6efdb9b20701d36eba577a511a2b56c206126daf2210eb5e24378d1

    • SSDEEP

      393216:3ZN30LpEiSCC9XSpIFwah3RuINhkUkdOQ9:zkLps9Xhrhhuahkx0Q9

    Score
    8/10
    evasion

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks