General

  • Target: setup.rar
  • Size: 4.9MB
  • Sample: 221124-z1a2yadb8x
  • MD5: 75b2e6ffb6b87900684158c5c412943a
  • SHA1: 7ebd4f8a61f8a6afd4ac90c077bcbb6434182ea2
  • SHA256: b7779d91cee6fc6df107e867ac1fee5d489cf55f321aace62728d33a8cdd6db1
  • SHA512: 1478b655a4d045677aeb8b607bd239b43c8d4dd976c217105fbd57da7999f31a05fc7afe55aa5a0eaff5baab1d76fe8ab0498876190661464c2c9d280b37490f
  • SSDEEP: 98304:wquRcp6zh+qkX0FCYqHMaxWKiqmDw4uxa0FsTcxI2hpOFD8EmroouQgP9nqKduJC:wCpkQPs+WKvM/SSQpOFD8EmrokgP53kC

Score
8/10

Malware Config

Targets

    • Target: setup.exe
    • Size: 387.1MB
    • MD5: 4cf297f44379b977259727674212f3b6
    • SHA1: 984b21e22830bc91c079b2c4abec1d8564103015
    • SHA256: 404bfccf09e40c3a803cd963af484ab97ad41922c20fa6539de35480052b95db
    • SHA512: 78ec85b8d0cdb639baaa085af518cb95f886b39ee6a0a31b50ebdfa90a7fdef2cb38842c1f25ae31ffa207a3f1f67ae8fee97a8882df2d922f9854f796ebd2dd
    • SSDEEP: 98304:akL1HpTUVyLydhR621kJA/X470cXaWngeKgQv9X/dK:11HRUVAydn6ZAfu0cXaWgeKggc

    Score
    8/10

    Signatures

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 3
  • Peripheral Device Discovery (T1120): 1

Tasks