Overview

overview

8

Static

static

1

558023eaa4...72.exe

windows7-x64

7

558023eaa4...72.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    558023eaa4cd1b3a25c9b795a3d919cf44eb6cacb02e7f24f1556563cac60d72

  • Size

    268KB

  • Sample

    221123-m443zafg83

  • MD5

    638b6ad945da3ea18fce838d529042fb

  • SHA1

    c8596bf6c89aa2dab6dde43d54ca383237f0e8ec

  • SHA256

    558023eaa4cd1b3a25c9b795a3d919cf44eb6cacb02e7f24f1556563cac60d72

  • SHA512

    c3e419ced58d36ff6c329a90b91a759ee2b463d1fbf6911ced481fd0b47b8ef7487109f5a59528370aed015c6023671e8e3e37ff3b21697d0f9e2e9db3284424

  • SSDEEP

    6144:psTU1zmDhGRhA+6W9Xx9A35QPaqPNuFrdiJt313DItN6lDdK:WU1zmlaSTW9h9A3uVQ6lDdK

Score
8/10
persistence

Malware Config

Targets

    • Target

      558023eaa4cd1b3a25c9b795a3d919cf44eb6cacb02e7f24f1556563cac60d72

    • Size

      268KB

    • MD5

      638b6ad945da3ea18fce838d529042fb

    • SHA1

      c8596bf6c89aa2dab6dde43d54ca383237f0e8ec

    • SHA256

      558023eaa4cd1b3a25c9b795a3d919cf44eb6cacb02e7f24f1556563cac60d72

    • SHA512

      c3e419ced58d36ff6c329a90b91a759ee2b463d1fbf6911ced481fd0b47b8ef7487109f5a59528370aed015c6023671e8e3e37ff3b21697d0f9e2e9db3284424

    • SSDEEP

      6144:psTU1zmDhGRhA+6W9Xx9A35QPaqPNuFrdiJt313DItN6lDdK:WU1zmlaSTW9h9A3uVQ6lDdK

    Score
    8/10
    persistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks