Overview

overview

8

Static

static

28a5d4b6f3...50.exe

windows7-x64

8

28a5d4b6f3...50.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    28a5d4b6f337819a379d623de0468bc51c6423b830ef6d923f1752ce209b2450

  • Size

    454KB

  • Sample

    221125-j21qzsch86

  • MD5

    cb971ae92b1d158627d7419bba78071c

  • SHA1

    2d9c21fad119114a5be5208aa57ba1ad9dd9fa80

  • SHA256

    28a5d4b6f337819a379d623de0468bc51c6423b830ef6d923f1752ce209b2450

  • SHA512

    67a7cc270d88a53af5df8748c37918f75b2e513e45b732f183d786bd11250bd83834ed263870792843b2ab45a99dc87bae1b4e2087dbe8c43e34510d852b1b7c

  • SSDEEP

    12288:iAQDua42iKNEPnJHmCUVfgHIwG4RCyR7ILlC:GLiQEPJHjUhgoQCG7ILE

Score
8/10
persistence

Malware Config

Targets

    • Target

      28a5d4b6f337819a379d623de0468bc51c6423b830ef6d923f1752ce209b2450

    • Size

      454KB

    • MD5

      cb971ae92b1d158627d7419bba78071c

    • SHA1

      2d9c21fad119114a5be5208aa57ba1ad9dd9fa80

    • SHA256

      28a5d4b6f337819a379d623de0468bc51c6423b830ef6d923f1752ce209b2450

    • SHA512

      67a7cc270d88a53af5df8748c37918f75b2e513e45b732f183d786bd11250bd83834ed263870792843b2ab45a99dc87bae1b4e2087dbe8c43e34510d852b1b7c

    • SSDEEP

      12288:iAQDua42iKNEPnJHmCUVfgHIwG4RCyR7ILlC:GLiQEPJHjUhgoQCG7ILE

    Score
    8/10
    persistence

    • Modifies Installed Components in the registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks