Overview

overview

8

Static

static

fe01e3c894...92.exe

windows7-x64

8

fe01e3c894...92.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fe01e3c89455eda65d79004b72cdef7c8fffb5a04b8d560c78a997713af1b492

  • Size

    2.2MB

  • Sample

    221215-kzydhsfa7y

  • MD5

    db4aabb8f02dc5281777a50bbf333967

  • SHA1

    728c546874d00830dc8c14fc461bd7e48696a2e4

  • SHA256

    fe01e3c89455eda65d79004b72cdef7c8fffb5a04b8d560c78a997713af1b492

  • SHA512

    25c04cec5383e61df9ba9297671a8ff2ac74de0474ed89736504cfd310ca863692b120021c9925bc272a7fee7701084d1afafbdb567c41846995be3d8e168d37

  • SSDEEP

    49152:8TfhGKHIxSx+WwU+3WIV1COgIng6FXN0dYMk9ZT/0MZGaHX5ex4g1h9oPG:IhGKH6PWh+WIVsyg0edYfTTcMca35exb

Score
8/10
discoveryexploitpersistence

Malware Config

Targets

    • Target

      fe01e3c89455eda65d79004b72cdef7c8fffb5a04b8d560c78a997713af1b492

    • Size

      2.2MB

    • MD5

      db4aabb8f02dc5281777a50bbf333967

    • SHA1

      728c546874d00830dc8c14fc461bd7e48696a2e4

    • SHA256

      fe01e3c89455eda65d79004b72cdef7c8fffb5a04b8d560c78a997713af1b492

    • SHA512

      25c04cec5383e61df9ba9297671a8ff2ac74de0474ed89736504cfd310ca863692b120021c9925bc272a7fee7701084d1afafbdb567c41846995be3d8e168d37

    • SSDEEP

      49152:8TfhGKHIxSx+WwU+3WIV1COgIng6FXN0dYMk9ZT/0MZGaHX5ex4g1h9oPG:IhGKH6PWh+WIVsyg0edYfTTcMca35exb

    Score
    8/10
    discoveryexploitpersistence

    • Possible privilege escalation attempt

      exploit

    • Registers new Print Monitor

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

File Permissions Modification

1
T1222

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks