Overview

overview

8

Static

static

ab8879c610...65.exe

windows7-x64

8

ab8879c610...65.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ab8879c6109d1991f8dceb39deb7de9ab8fbc2cedf92f2744be98f7940d6d865

  • Size

    540KB

  • Sample

    221128-ryp43seg9x

  • MD5

    0d151fe49db74b0cf55cb5314025805d

  • SHA1

    d6d3b4a52703d44d1518a7bdfdc0f4588a85f6b1

  • SHA256

    ab8879c6109d1991f8dceb39deb7de9ab8fbc2cedf92f2744be98f7940d6d865

  • SHA512

    b2a8a67bd9dbba7da630f115964327ef20c138f0126ec092d956c4de384d1aa2e9fdcc9e9b6f17f6c1aacc3d6a3e4db701702838ee0d37d694ca7959242c2cb7

  • SSDEEP

    12288:1Cnu13N3WTYPa2m/rWTozHFKnoDI5iKpQi:0nu1oTYa2cWKH8oDI5s

Score
8/10
persistence

Malware Config

Targets

    • Target

      ab8879c6109d1991f8dceb39deb7de9ab8fbc2cedf92f2744be98f7940d6d865

    • Size

      540KB

    • MD5

      0d151fe49db74b0cf55cb5314025805d

    • SHA1

      d6d3b4a52703d44d1518a7bdfdc0f4588a85f6b1

    • SHA256

      ab8879c6109d1991f8dceb39deb7de9ab8fbc2cedf92f2744be98f7940d6d865

    • SHA512

      b2a8a67bd9dbba7da630f115964327ef20c138f0126ec092d956c4de384d1aa2e9fdcc9e9b6f17f6c1aacc3d6a3e4db701702838ee0d37d694ca7959242c2cb7

    • SSDEEP

      12288:1Cnu13N3WTYPa2m/rWTozHFKnoDI5iKpQi:0nu1oTYa2cWKH8oDI5s

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks