General

  • Target

    01ba32d9f7971cc4a9d4c54a8b292ba503a97aa9316aff60cb92fe830c043e11

  • Size

    2.8MB

  • Sample

    221123-l3bjlach67

  • MD5

    d37a5711036b4836680b1b7a4c5ed776

  • SHA1

    bbf53ad54bff5dc0d467b1ae10eb86c733fa5a62

  • SHA256

    01ba32d9f7971cc4a9d4c54a8b292ba503a97aa9316aff60cb92fe830c043e11

  • SHA512

    a05d194a606024d7b22e0b85ea865e71f4577f4e437d199a04e63212f7750382f682b83ef6fe892f2d243d7466cf89091b423da14a759b130922aac5badc7db8

  • SSDEEP

    49152:SUic3k5iisbhVYGoXXHvzTa8Kril+QE0agTm/0Yi1EGllkdXeHDAjCpduZ7466gJ:SUiV5iLzoHv/lvl+QIga/0YiaWQeHDAd

Score
8/10

Targets

    • Target

      01ba32d9f7971cc4a9d4c54a8b292ba503a97aa9316aff60cb92fe830c043e11

    Score
    8/10

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                       Count   ID
  Defense Evasion   Install Root Certificate        1       T1130
  Defense Evasion   Modify Registry                 1       T1112
  Discovery         Query Registry                  1       T1012
  Discovery         System Information Discovery    2       T1082
