Overview

overview

8

Static

static

a3e7ae1dd7...31.exe

windows7-x64

8

a3e7ae1dd7...31.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a3e7ae1dd7f07ce18b36a974f9f54d19467da29423bcb2741d8b18006437d731

  • Size

    492KB

  • Sample

    221124-z6g3fade61

  • MD5

    eb6156427afa9287268637b8edb17fb8

  • SHA1

    9ce951c3e6736ed1a631cf3f24b838c2976d7e93

  • SHA256

    a3e7ae1dd7f07ce18b36a974f9f54d19467da29423bcb2741d8b18006437d731

  • SHA512

    2f4a9e4f48c2f31e8abc5041a7f7f79a1b7dfdcebcab09eb1ccabe8297390a7262e0bd48e5afb9f113ef0336c38fd890dab6e7da3aab0076a627fc1c3c7b0800

  • SSDEEP

    6144:KX/b68WUSoB7e5Q+ZcGTo3vYZxDMWouc0WgyucpzUER0u+GIIIIIIIhIIIIIIIIV:4e8/B65ZbTgAjoWltynpjm5V

Score
8/10
persistence

Malware Config

Targets

    • Target

      a3e7ae1dd7f07ce18b36a974f9f54d19467da29423bcb2741d8b18006437d731

    • Size

      492KB

    • MD5

      eb6156427afa9287268637b8edb17fb8

    • SHA1

      9ce951c3e6736ed1a631cf3f24b838c2976d7e93

    • SHA256

      a3e7ae1dd7f07ce18b36a974f9f54d19467da29423bcb2741d8b18006437d731

    • SHA512

      2f4a9e4f48c2f31e8abc5041a7f7f79a1b7dfdcebcab09eb1ccabe8297390a7262e0bd48e5afb9f113ef0336c38fd890dab6e7da3aab0076a627fc1c3c7b0800

    • SSDEEP

      6144:KX/b68WUSoB7e5Q+ZcGTo3vYZxDMWouc0WgyucpzUER0u+GIIIIIIIhIIIIIIIIV:4e8/B65ZbTgAjoWltynpjm5V

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks