Overview

overview

8

Static

static

2f3c997523...04.exe

windows7-x64

8

2f3c997523...04.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2f3c9975236c099013608ac9852e6c3b9b5677687e28c5683c1ecae38e02bb04

  • Size

    370KB

  • Sample

    221124-q1hmcabf81

  • MD5

    564bf6e1e4b3773bb3cfdad1a42d5eed

  • SHA1

    b3601c1eacf1a0662f0d892f07473e0045385a68

  • SHA256

    2f3c9975236c099013608ac9852e6c3b9b5677687e28c5683c1ecae38e02bb04

  • SHA512

    172e44ecb7fb114487493752bd3cd00a6eee88a041acc108493310513b3f36d274e0fbbeb28897eba5e7982ab7626d118a9f4333b493251029017d49ffe544b0

  • SSDEEP

    6144:9/aUsuryt1achgVK4wOp95awAFRxH0z6ftuSYGyQxU:9/aUsuYachgVK4/4xu6ftutGyh

Score
8/10
persistence

Malware Config

Targets

    • Target

      2f3c9975236c099013608ac9852e6c3b9b5677687e28c5683c1ecae38e02bb04

    • Size

      370KB

    • MD5

      564bf6e1e4b3773bb3cfdad1a42d5eed

    • SHA1

      b3601c1eacf1a0662f0d892f07473e0045385a68

    • SHA256

      2f3c9975236c099013608ac9852e6c3b9b5677687e28c5683c1ecae38e02bb04

    • SHA512

      172e44ecb7fb114487493752bd3cd00a6eee88a041acc108493310513b3f36d274e0fbbeb28897eba5e7982ab7626d118a9f4333b493251029017d49ffe544b0

    • SSDEEP

      6144:9/aUsuryt1achgVK4wOp95awAFRxH0z6ftuSYGyQxU:9/aUsuYachgVK4/4xu6ftutGyh

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks