Overview

overview

8

Static

static

400f2f4246...58.exe

windows7-x64

8

400f2f4246...58.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    400f2f4246e5162aceddee729a042129c4053637c3c7697dff3d99bdca3e8358

  • Size

    143KB

  • Sample

    221127-tp48raee4x

  • MD5

    b464f1c8f84d3c6cb2e8ec2a4f4ed0c0

  • SHA1

    00f98a8693192a5a8b061846b91bfb99147de717

  • SHA256

    400f2f4246e5162aceddee729a042129c4053637c3c7697dff3d99bdca3e8358

  • SHA512

    dea9e4302198ed11a86424dd8eecbd281ac6230247af1e2eb39d93bb3f1160033d63a9adee747a62639d3dd0d3d118eb2a730248014c280e8e39fd9c48cbe640

  • SSDEEP

    3072:CD9PYCFZ0q9nqXI1DjKlxxtirIeW2vY3UkWAqCqtVlP:CEvlx0IeW2vY3Jqfl

Score
8/10
evasionpersistence

Malware Config

Targets

    • Target

      400f2f4246e5162aceddee729a042129c4053637c3c7697dff3d99bdca3e8358

    • Size

      143KB

    • MD5

      b464f1c8f84d3c6cb2e8ec2a4f4ed0c0

    • SHA1

      00f98a8693192a5a8b061846b91bfb99147de717

    • SHA256

      400f2f4246e5162aceddee729a042129c4053637c3c7697dff3d99bdca3e8358

    • SHA512

      dea9e4302198ed11a86424dd8eecbd281ac6230247af1e2eb39d93bb3f1160033d63a9adee747a62639d3dd0d3d118eb2a730248014c280e8e39fd9c48cbe640

    • SSDEEP

      3072:CD9PYCFZ0q9nqXI1DjKlxxtirIeW2vY3UkWAqCqtVlP:CEvlx0IeW2vY3Jqfl

    Score
    8/10
    evasionpersistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks