General

  • Target

    2267357a15d6051553403520d95e3c7855f21c176a65cce4998633e01474bc15

  • Size

    8.5MB

  • Sample

    221123-l28spsch64

  • MD5

    181598b1efd5cadf471a942e81a6e4f3

  • SHA1

    73b54509cfeb632fbd83edae8c1faf6645a9b953

  • SHA256

    2267357a15d6051553403520d95e3c7855f21c176a65cce4998633e01474bc15

  • SHA512

    a26c373b30abbbdb9d309faa7f87dcfb5f9977d2336a879d905ab82b3ffbe2a3964a0e7495d54e512ec6c3933a22dc83609d1ae763a7771d378f0f0ff3ac422c

  • SSDEEP

    196608:Vif7B6X6Ko54CO+hQiTgsVzwkzHL4Q5rxg1/9uY/QueuzUsh8vMoc7PBArjeG0Zd:Vi4qK6BjhQrewoHX5rx29uZueuxh8UL/

Score
8/10

Malware Config

Targets

    • Target

      2267357a15d6051553403520d95e3c7855f21c176a65cce4998633e01474bc15

    • Size

      8.5MB

    • MD5

      181598b1efd5cadf471a942e81a6e4f3

    • SHA1

      73b54509cfeb632fbd83edae8c1faf6645a9b953

    • SHA256

      2267357a15d6051553403520d95e3c7855f21c176a65cce4998633e01474bc15

    • SHA512

      a26c373b30abbbdb9d309faa7f87dcfb5f9977d2336a879d905ab82b3ffbe2a3964a0e7495d54e512ec6c3933a22dc83609d1ae763a7771d378f0f0ff3ac422c

    • SSDEEP

      196608:Vif7B6X6Ko54CO+hQiTgsVzwkzHL4Q5rxg1/9uY/QueuzUsh8vMoc7PBArjeG0Zd:Vi4qK6BjhQrewoHX5rx29uZueuxh8UL/

    Score
    8/10

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Install Root Certificate (T1130): 1

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks