General

  • Target

    2b873cb1b8eec5536a74c5ddab0472eff68cebf61757cbc317870b7192454ca8

  • Size

    5.7MB

  • Sample

    221125-ycbg5ade9x

  • MD5

    f55559f66229a8cfb591e0bcaa54c109

  • SHA1

    17006709ee364b356e564a01fd70107c69691573

  • SHA256

    2b873cb1b8eec5536a74c5ddab0472eff68cebf61757cbc317870b7192454ca8

  • SHA512

    2ae90705029c37b3cead09d64cfd18bffb5507cd7def80b4a87a4f8759f205b4b9cbb86bfea090a71b98948b638c0ea35026da3925a5a5be082087791c3089de

  • SSDEEP

    98304:J2llez/udrnJll4dP5aSGie4udyO4Okjsstz8V8bHxLcIm:J2lUzYIoSGz4ud11/qiupm

Score
8/10

Targets

    • Target

      2b873cb1b8eec5536a74c5ddab0472eff68cebf61757cbc317870b7192454ca8

    • Executes dropped EXE

      Launches an executable that the sample itself wrote to disk.

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which detaches the calling thread from any attached debugger (anti-debugging).
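
    The three signatures above, re-implemented as rules over an API-call trace so the logic behind each hit is visible. This is an added example, not the sandbox's own signature code: the trace, its field names (pid/api/args) and the registry path used for the location check (HKCU\Control Panel\International\Geo\Nation, the GeoID value assumed to be the "country code" the signature refers to) are constructed assumptions.

```python
"""Added example (not the sandbox's own signature code): re-implement the
three behavioural signatures from the report above as rules over an
API-call trace.  The trace, its field names (pid/api/args) and the
registry path used for the location check are my own assumptions."""
import re
from typing import Any, Dict, List

Event = Dict[str, Any]

# NtSetInformationThread information class that detaches a thread from
# an attached debugger; exceptions in that thread then terminate the
# process instead of breaking into the debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry value holding the configured country/region (a GeoID).
# Assumption: this is the "country code" the location signature refers to.
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)

PROCESS_CREATE_APIS = {"NtCreateUserProcess", "CreateProcessW", "CreateProcessA"}

# Constructed trace in the shape a sandbox might emit: one call per entry.
SAMPLE_TRACE: List[Event] = [
    {"pid": 1000, "api": "NtCreateFile",
     "args": {"path": r"C:\Users\user\AppData\Local\Temp\svc.exe"}},
    {"pid": 1000, "api": "NtWriteFile",
     "args": {"path": r"C:\Users\user\AppData\Local\Temp\svc.exe", "length": 5832704}},
    {"pid": 1000, "api": "NtCreateUserProcess",
     "args": {"image": r"C:\Users\user\AppData\Local\Temp\svc.exe", "child_pid": 1040}},
    # Child hides its main thread from the debugger (class 0x11) ...
    {"pid": 1040, "api": "NtSetInformationThread",
     "args": {"thread": 0x1A8, "info_class": 0x11}},
    # ... and makes a second call with a benign class (ThreadPriority) that must not fire.
    {"pid": 1040, "api": "NtSetInformationThread",
     "args": {"thread": 0x1A8, "info_class": 0x2}},
    {"pid": 1040, "api": "RegOpenKeyExW",
     "args": {"key": r"HKCU\Control Panel\International\Geo"}},
    {"pid": 1040, "api": "RegQueryValueExW",
     "args": {"key": r"HKCU\Control Panel\International\Geo\Nation"}},
    # Unrelated registry read; must not match the location signature.
    {"pid": 1040, "api": "RegQueryValueExW",
     "args": {"key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"}},
]


def sig_executes_dropped_exe(trace: List[Event]) -> List[Event]:
    """A process is created from a path the traced sample wrote earlier.
    Order matters: the write must precede the execution."""
    written = set()
    hits = []
    for ev in trace:
        args = ev["args"]
        if ev["api"] == "NtWriteFile":
            written.add(str(args["path"]).lower())
        elif ev["api"] in PROCESS_CREATE_APIS and str(args.get("image", "")).lower() in written:
            hits.append(ev)
    return hits


def sig_checks_location_settings(trace: List[Event]) -> List[Event]:
    """A registry query against the configured Geo\\Nation value."""
    return [ev for ev in trace
            if ev["api"].startswith("RegQueryValue")
            and GEO_NATION_RE.search(str(ev["args"].get("key", "")))]


def sig_hide_from_debugger(trace: List[Event]) -> List[Event]:
    """NtSetInformationThread called with ThreadHideFromDebugger (0x11)."""
    return [ev for ev in trace
            if ev["api"] == "NtSetInformationThread"
            and ev["args"].get("info_class") == THREAD_HIDE_FROM_DEBUGGER]


SIGNATURES = {
    "Executes dropped EXE": sig_executes_dropped_exe,
    "Checks computer location settings": sig_checks_location_settings,
    "Suspicious use of NtSetInformationThreadHideFromDebugger": sig_hide_from_debugger,
}


def run_signatures(trace: List[Event]) -> Dict[str, List[int]]:
    """Map each signature name to the sorted PIDs that triggered it
    (an empty list means the signature did not fire)."""
    return {name: sorted({int(ev["pid"]) for ev in rule(trace)})
            for name, rule in SIGNATURES.items()}


if __name__ == "__main__":
    for name, pids in run_signatures(SAMPLE_TRACE).items():
        print(f"{name}: {'HIT pids=' + str(pids) if pids else 'no hit'}")
```

    Note that the dropped-EXE rule is stateful (it only fires when the execution follows a write by the traced sample), while the other two are stateless matches on a single call; the benign ThreadPriority call and the ProductName read in the trace are there to show that the rules key on the information class and the exact value path rather than on the API name alone.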

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    1. T1112  Modify Registry

  • Discovery

    2. T1012  Query Registry
    3. T1082  System Information Discovery
