General

  • Target: dropper.exe
  • Size: 35KB
  • Sample: 230301-e36amseb7w
  • MD5: f69e703666a6a41005501bc65645916c
  • SHA1: c44215f3fe477505b7288a261aff28dce6d5aa32
  • SHA256: 0b2f88a609b82dbad98a8b6624552e9c2e5db2173c148d7dbc2f0ea6133d9cb3
  • SHA512: 6e775cb3cf9ac61da431ac05b07dc26483887d385ed214ba11cb557cdc54c198e79698f44dd82c3fcd974a4f70524388a023f1e955459913cf8199c5e4695dc5
  • SSDEEP: 384:bxiHABz9q3FxmHu+JjOdb932NOHu469aMgMcpMQiW4zmkZXOfq1eK2ZkLCh4fdu1:bCIFqb932NOO7BXbOfq1QkmOnI66N

Score: 8/10

Malware Config

Targets

    Target: dropper.exe (hashes and score as listed under General above)

    • Downloads MZ/PE file
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Drops startup file
    • Executes dropped EXE
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks