General
Target: 8667467823.zip
Size: 11.0MB
Sample: 230110-qqjfwsgb65
MD5: 9f45619d6590592df49d7cc2adfa3a54
SHA1: 21fc4b6d9303d94f712d5b66b64b053b3afab705
SHA256: d73c72cece0b5f7297eb60efa5d7c26dde5edee864b330c061f7a0955f62da7e
SHA512: ab5d6d5eba7508e9e9a004b02bed89afade58c2920d73e8d5876b5c54d62a229f5a93c273a0150d37e9964ace319e01056dc983c74f3321a575f2afdbf519aeb
SSDEEP: 196608:Q6BHJ8NCsonlr70p7nOf23zz7f8pq5pA1tWQk1k91SW/zTxBuBpn/:T7iCsikg23zz7f8pmA6Qk2nS6xBuv
Static task: static1
Behavioral task: behavioral1
Sample: 7501184de60676906979b10ed76ef4cb2f583049ec0619b0320d4ce4c2fc0671.exe
Resource: win7-20221111-en

Malware Config

Targets
Target: 7501184de60676906979b10ed76ef4cb2f583049ec0619b0320d4ce4c2fc0671
Size: 269.0MB
MD5: 600e5eaa2e5c37f15d63d190daac4439
SHA1: ec376db711cfacb70d03de0cfef5238c6ffb3068
SHA256: 7501184de60676906979b10ed76ef4cb2f583049ec0619b0320d4ce4c2fc0671
SHA512: 245bd0825164c241d3751f8c65d9bbd40a078948bb6bce9170369c5fe63d8102d571f6d9f83995550117e6819d65c34a90f33c0ab733f1b7faaf72a5c14f979d
SSDEEP: 196608:3lej2sXzkvYtfXHwRjpJCeg50B2NbFKGpxMHwkadFVowbL:3QzjHtfHwRv0XDpqQks5
Signatures
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Disables use of System Restore points
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v6)
Persistence
- Modify Existing Service (1)
- Hidden Files and Directories (2)
- Scheduled Task (1)