General

  • Target

    CmdRegCleaner.zip

  • Size

    280KB

  • Sample

    221124-x81w8aeb69

  • MD5

    25b18997801a18b7a535179af043eee8

  • SHA1

    24cf66eda9e7271769684de49ab32c23789665c0

  • SHA256

    773feea1bd44fec204c72fab08cd490c50a3d39d50d9a58d031eaaf2d8674c60

  • SHA512

    8beba8de31a66f3be9a2b176af70a155a901d5c80dfa4ec1ec3e0dd0e2f074caf6d74c626e8650155d3bb0c8249401753f2c682dda3c2eed6357253b53a2e175

Score
10/10

Malware Config

Targets

    • Target

      CmdRegCleaner.exe

    • Size

      418KB

    • MD5

      0aeb125525c77edc57fb2c7e97d14467

    • SHA1

      7b68218bc50ae922a1526393e9c4ef3870cc8243

    • SHA256

      c20115171317123951b4e6306bfe29a2eb83cc4dafb2d3ba99663aafd336adb3

    • SHA512

      e3bd20bda611757d1efe12e13a2e8138e167c074466512ab3248958a4a2039e128b2dafde00571455e8e1ff943e1ebaf64d2d8193598dee7baed38d16910e82f

    Score
    10/10
    • Modifies system executable filetype association

    • Executes dropped EXE

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation