General
Target: 19df4259aad7316b180506d5779981c971f4f5393553e801e7e78b2ae9b16108.zip
Size: 14.8MB
Sample: 221228-xr62xaed5s
MD5: 7fc0694e08c86ce13c03b969f6eda3b4
SHA1: 814b6cf9a12964c9d300407c1060214c32314e06
SHA256: a6422c833d962601556b35207702dbf88b484a9688dbf7109c5cc46bdb751258
SHA512: aa4ad5d56267c3f35523f0c84869397687f8c4cb3e622147fc17da199a3d0756d86fd4c60c500f78094769196f53a87ad8f841a92cd569e5b897b6e68cdb14b4
SSDEEP: 393216:1uPCNlpOpXN3VQSadlnsdL88ouLiV84aWdHK22L:fNlpOpTIlsdL8Rc54aKqbL
Static task: static1
Behavioral task: behavioral1
Sample: 19df4259aad7316b180506d5779981c971f4f5393553e801e7e78b2ae9b16108.exe
Resource: win7-20220812-en
Malware Config
Targets
Target: 19df4259aad7316b180506d5779981c971f4f5393553e801e7e78b2ae9b16108
Size: 271.0MB
MD5: 63cdb639d17da4bc6bb702caaefc4382
SHA1: 5886431711fdc750d4a10468ba84e0a7d5d1d3b7
SHA256: 19df4259aad7316b180506d5779981c971f4f5393553e801e7e78b2ae9b16108
SHA512: 63c2aa84eda4e04d509ec8a0431059dc7ac9d0e3015219b075e1769dd96c828f1948b94cf331d367a61e30448a55442f1f7d2350d80156ad526e55d86a37a5f5
SSDEEP: 393216:bX1DBAYSRIJjf5MiX425x8qlj7WknY4PEJRAF2:b1DBA/eJjfS+/88jYPJ/
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Disables use of System Restore points
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v6)
Persistence
Modify Existing Service
Hidden Files and Directories (1)
Scheduled Task (2)
1