Overview

overview

8

Static

static

5

b014cb8394...06.exe

windows7-x64

8

b014cb8394...06.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b014cb83947fdbc1b51606e0adb970c9e1ae38ece393fbad764f954094958706

  • Size

    993KB

  • Sample

    221123-lp9t8sbh96

  • MD5

    6381d729b6ec6be756b66198d69f24e9

  • SHA1

    933be56a1c8877911db3682210463515a6fd852f

  • SHA256

    b014cb83947fdbc1b51606e0adb970c9e1ae38ece393fbad764f954094958706

  • SHA512

    4d9659bf1e9f2a25105c0fb0993102384f87257fa7be0400cb190a59ce1e340009c49f48a28439f0c5aedfba32ed4cbdba96761dad6dc29a35683ddbc1d96e30

  • SSDEEP

    24576:Z4lavt0LkLL9IMixoEgeam6mE0V92Lqq9MmCS:okwkn9IMHeamD92eaPCS

Score
8/10
persistence

Malware Config

Targets

    • Target

      b014cb83947fdbc1b51606e0adb970c9e1ae38ece393fbad764f954094958706

    • Size

      993KB

    • MD5

      6381d729b6ec6be756b66198d69f24e9

    • SHA1

      933be56a1c8877911db3682210463515a6fd852f

    • SHA256

      b014cb83947fdbc1b51606e0adb970c9e1ae38ece393fbad764f954094958706

    • SHA512

      4d9659bf1e9f2a25105c0fb0993102384f87257fa7be0400cb190a59ce1e340009c49f48a28439f0c5aedfba32ed4cbdba96761dad6dc29a35683ddbc1d96e30

    • SSDEEP

      24576:Z4lavt0LkLL9IMixoEgeam6mE0V92Lqq9MmCS:okwkn9IMHeamD92eaPCS

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks