Overview

overview

8

Static

static

8ba41c7311...39.exe

windows7-x64

8

8ba41c7311...39.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8ba41c7311481426b3858304c2ef122c3121123abcb9387c8b0bd300b1c5fe39

  • Size

    176KB

  • Sample

    221124-vg6bhsbf4w

  • MD5

    eebfdbc8bf820a7751f02050b0f5cd16

  • SHA1

    721db8bf3778570d6cd18fb749030ce99704d094

  • SHA256

    8ba41c7311481426b3858304c2ef122c3121123abcb9387c8b0bd300b1c5fe39

  • SHA512

    aaa37c396de5e3bdc7ef2c5ce620646192349953f7fbf7dedcdb0f3d81c24b33a6ef05a5d501c08f58df86f1fd0356ee902fccd24da20c9c5ae90aa87c15cf3f

  • SSDEEP

    3072:tsGkrEM7aAMll8bqndiaxemXELx9HRkF/aZNJosLtFLFEKWP1Ih:+V7El8bIdia50TzNJoUHLCl

Score
8/10
persistence

Malware Config

Targets

    • Target

      8ba41c7311481426b3858304c2ef122c3121123abcb9387c8b0bd300b1c5fe39

    • Size

      176KB

    • MD5

      eebfdbc8bf820a7751f02050b0f5cd16

    • SHA1

      721db8bf3778570d6cd18fb749030ce99704d094

    • SHA256

      8ba41c7311481426b3858304c2ef122c3121123abcb9387c8b0bd300b1c5fe39

    • SHA512

      aaa37c396de5e3bdc7ef2c5ce620646192349953f7fbf7dedcdb0f3d81c24b33a6ef05a5d501c08f58df86f1fd0356ee902fccd24da20c9c5ae90aa87c15cf3f

    • SSDEEP

      3072:tsGkrEM7aAMll8bqndiaxemXELx9HRkF/aZNJosLtFLFEKWP1Ih:+V7El8bIdia50TzNJoUHLCl

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks