Overview

overview

8

Static

static

1996f3a365...ef.exe

windows7-x64

8

1996f3a365...ef.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1996f3a3651f87fa34498cfae77b89da8ce9e584b6bfd6abbdc95e5e54a59eef

  • Size

    194KB

  • Sample

    221125-e14zssef2t

  • MD5

    c4e9f3a491245e724403df57c11aad84

  • SHA1

    b8dd9be808b8381949f2bc70f9f03342445b981e

  • SHA256

    1996f3a3651f87fa34498cfae77b89da8ce9e584b6bfd6abbdc95e5e54a59eef

  • SHA512

    e269af0eb2113c0b3858227f1923176d808f6698b77d6d7c5eec89deb070f4e441fbc26740671602d45566b9418cc7420a785e7c2f041f52d9a05fa3f6db485e

  • SSDEEP

    6144:HDHyVG/j8MmXN6DV5sPYOI+oZCSaRpJ/mig:jSs/AMmXoD3uYOImSaRHuig

Score
8/10
persistence

Malware Config

Targets

    • Target

      1996f3a3651f87fa34498cfae77b89da8ce9e584b6bfd6abbdc95e5e54a59eef

    • Size

      194KB

    • MD5

      c4e9f3a491245e724403df57c11aad84

    • SHA1

      b8dd9be808b8381949f2bc70f9f03342445b981e

    • SHA256

      1996f3a3651f87fa34498cfae77b89da8ce9e584b6bfd6abbdc95e5e54a59eef

    • SHA512

      e269af0eb2113c0b3858227f1923176d808f6698b77d6d7c5eec89deb070f4e441fbc26740671602d45566b9418cc7420a785e7c2f041f52d9a05fa3f6db485e

    • SSDEEP

      6144:HDHyVG/j8MmXN6DV5sPYOI+oZCSaRpJ/mig:jSs/AMmXoD3uYOImSaRHuig

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks