Overview

overview

8

Static

static

28aa09d572...e9.exe

windows7-x64

8

28aa09d572...e9.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    28aa09d572469232184004dea8ea6402528ef85dbbf9b64ab9a77064d116f0e9

  • Size

    464KB

  • Sample

    221123-k3pwjsdd81

  • MD5

    1e114977ed8b4d54c0d98c4c9393df23

  • SHA1

    ab86b9f2b64f6c6993b69f1c9bf7278eced61e70

  • SHA256

    28aa09d572469232184004dea8ea6402528ef85dbbf9b64ab9a77064d116f0e9

  • SHA512

    b8d36f288f49ec4ed7defdad9ad6b02867470029595e720d4b5ffff3a8985a9e89c6e9722a6db7a7dad46a134a53c0457224bf9c288f8ce7bb655c9c2d21fe55

  • SSDEEP

    6144:gsbaKMUtcUeGBa7J0Cn+RzI3fiUkCSPpARl/KtIfEuX7K0kzmOCe4FFBN9EP:gyaKVOUzBY0Cn91SPkoIMSKk1e45+

Score
8/10
persistence

Malware Config

Targets

    • Target

      28aa09d572469232184004dea8ea6402528ef85dbbf9b64ab9a77064d116f0e9

    • Size

      464KB

    • MD5

      1e114977ed8b4d54c0d98c4c9393df23

    • SHA1

      ab86b9f2b64f6c6993b69f1c9bf7278eced61e70

    • SHA256

      28aa09d572469232184004dea8ea6402528ef85dbbf9b64ab9a77064d116f0e9

    • SHA512

      b8d36f288f49ec4ed7defdad9ad6b02867470029595e720d4b5ffff3a8985a9e89c6e9722a6db7a7dad46a134a53c0457224bf9c288f8ce7bb655c9c2d21fe55

    • SSDEEP

      6144:gsbaKMUtcUeGBa7J0Cn+RzI3fiUkCSPpARl/KtIfEuX7K0kzmOCe4FFBN9EP:gyaKVOUzBY0Cn91SPkoIMSKk1e45+

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks