eede42eeca806541c5b31e3feb78f56f7bebedc56b2fbf0ef6512b0056981ef1 | Triage

Sharing

General

Target

eede42eeca806541c5b31e3feb78f56f7bebedc56b2fbf0ef6512b0056981ef1
Size

3.7MB
Sample

221125-ycfrvadf2v
MD5

16664500c15ca3ca2c6406141529a000
SHA1

703b800d6370c22f5e231bed2fe49d468711d684
SHA256

eede42eeca806541c5b31e3feb78f56f7bebedc56b2fbf0ef6512b0056981ef1
SHA512

3748665e22b81ab51c92a64c93c479daec40d4147e3e29e545bd69b1f31152b9c52a57a60874999d7a5cbd9bbf260c0e934a843b4d1f47a01004cc35075c3b34
SSDEEP

98304:GToZnoIXsn7i0FIqRfxN5MWrqxwSryxPFD+yvg2Ioq:Qo9oH7i0FIqRJN5vrqa8MND02Tq

Score

8^/10

Malware Config

Targets

- Target
  
  wg.dat
- Size
  
  5.7MB
- MD5
  
  f55559f66229a8cfb591e0bcaa54c109
- SHA1
  
  17006709ee364b356e564a01fd70107c69691573
- SHA256
  
  2b873cb1b8eec5536a74c5ddab0472eff68cebf61757cbc317870b7192454ca8
- SHA512
  
  2ae90705029c37b3cead09d64cfd18bffb5507cd7def80b4a87a4f8759f205b4b9cbb86bfea090a71b98948b638c0ea35026da3925a5a5be082087791c3089de
- SSDEEP
  
  98304:J2llez/udrnJll4dP5aSGie4udyO4Okjsstz8V8bHxLcIm:J2lUzYIoSGz4ud11/qiupm
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  逆战末日免费版0829防止非法防止检测板.exe
- Size
  
  44KB
- MD5
  
  3050bf115925685e388920797e9c9946
- SHA1
  
  cee5e6b0a0eda4bba0bb5b8106d4fef703c90dce
- SHA256
  
  acb2b2ceb098ee1b9d450dc60bc1410f7bb8f2faf7ddffadc47540fba6b3745c
- SHA512
  
  6d36b5b0c37e2aea21dd189d16f3521677a15e2b964e412342ba88499c1843fa7a487e985b7735f1c0159c4d9746aafb692526020b8088efa570559b0b8ba9f1
- SSDEEP
  
  768:RtjCjA5eMVH0tTlzM+YnVrW1xUbPYy6W1xUbPYy3k:39h0HuVrW16Y3W16YQk
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4