b495d68b0733d071e67e0c30665382decd71885af9bad1c6510ef168e5732cd3 | Triage

Submit
Reports

Overview

overview

Static

static

free_donate.exe

windows10-2004-x64

Sharing

General

Target

free_donate.exe
Size

2.7MB
Sample

221117-1j7v1sfh68
MD5

5026ed09cc5a093093461066d16a8f30
SHA1

34d60b874d9d3f8841c721692ea1daf31f330653
SHA256

b495d68b0733d071e67e0c30665382decd71885af9bad1c6510ef168e5732cd3
SHA512

2429b9d55af9abe991a182b5fe49548d31986046c3bbacaa4021dd7544752f9b2e0b5c494c989b58daafaaf604e863abe3bd013125068331538618140d67a1f1
SSDEEP

49152:HgJH+Kol630+0DW0TOWxKyuPcMPgBAnDEQ1o/40fyNHpElUZ7lPP:AJgl630pBTXVGhPYzQ1o//wElulH

Score

10^/10

discovery evasion exploit

Static task

static1

Behavioral task

behavioral1

Sample

free_donate.exe

Resource

win10v2004-20221111-en

discovery evasion exploit

windows10-2004-x64

16 signatures

120 seconds

Malware Config

Targets

- Target
  
  free_donate.exe
- Size
  
  2.7MB
- MD5
  
  5026ed09cc5a093093461066d16a8f30
- SHA1
  
  34d60b874d9d3f8841c721692ea1daf31f330653
- SHA256
  
  b495d68b0733d071e67e0c30665382decd71885af9bad1c6510ef168e5732cd3
- SHA512
  
  2429b9d55af9abe991a182b5fe49548d31986046c3bbacaa4021dd7544752f9b2e0b5c494c989b58daafaaf604e863abe3bd013125068331538618140d67a1f1
- SSDEEP
  
  49152:HgJH+Kol630+0DW0TOWxKyuPcMPgBAnDEQ1o/40fyNHpElUZ7lPP:AJgl630pBTXVGhPYzQ1o//wElulH
Score

10^/10

discovery evasion exploit
- Modifies security service
  evasion
- Drops file in Drivers directory
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexploit

© 2018-2024

Terms | Privacy