8d5bbc1df6891d4e6d87702068fedfdccf2533e0fe6648aa12e62766cc20cb54 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XovLauncher.exe
Size

9KB
Sample

221107-ksqebsbbaj
MD5

abd3e1d69b885d3f98afd426b2157a8f
SHA1

e6543de93758224c0b5c7ab70e3dd0b0725a8484
SHA256

8d5bbc1df6891d4e6d87702068fedfdccf2533e0fe6648aa12e62766cc20cb54
SHA512

ac2a1863cc7b7633d120ee973b27a312e8047e5bb653a3b97207dbbe74d4ee3e4f9291e0a392b46f176cde748c1ac2f8d94936ca0fb19e133afbd269b6c6fd64
SSDEEP

192:5xyMD99zXjmYqLDv9lqvk+9xwcvkcFNtUqkAuY7vkadYdR:5xvD99jGLDv90k+9xTk6Nt/zuYDkeoR

Score

8^/10

Malware Config

Targets

- Target
  
  XovLauncher.exe
- Size
  
  9KB
- MD5
  
  abd3e1d69b885d3f98afd426b2157a8f
- SHA1
  
  e6543de93758224c0b5c7ab70e3dd0b0725a8484
- SHA256
  
  8d5bbc1df6891d4e6d87702068fedfdccf2533e0fe6648aa12e62766cc20cb54
- SHA512
  
  ac2a1863cc7b7633d120ee973b27a312e8047e5bb653a3b97207dbbe74d4ee3e4f9291e0a392b46f176cde748c1ac2f8d94936ca0fb19e133afbd269b6c6fd64
- SSDEEP
  
  192:5xyMD99zXjmYqLDv9lqvk+9xwcvkcFNtUqkAuY7vkadYdR:5xvD99jGLDv90k+9xTk6Nt/zuYDkeoR
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2