89fa8e3cdaa3afc4dade128b2bc37a70a626fa7969c97ab5c0a45f13e9bab79c | Triage

Submit
Reports

Overview

overview

Static

static

1

89fa8e3cda...9c.exe

windows7-x64

89fa8e3cda...9c.exe

windows10-2004-x64

Sharing

General

Target

89fa8e3cdaa3afc4dade128b2bc37a70a626fa7969c97ab5c0a45f13e9bab79c
Size

4.9MB
Sample

230306-p7hp9acd47
MD5

f1b82b5847e2ebebfe0408ddbc298d8b
SHA1

73faed8ab11743fff01d9e0c64cc8b5b4921140e
SHA256

89fa8e3cdaa3afc4dade128b2bc37a70a626fa7969c97ab5c0a45f13e9bab79c
SHA512

4e3baa2c4c3e709cfad0cc99844ade4fbf9ab95fe432b79b854655a268d55cd3735658b5ebb268271d6c051bc4934f5ed0186127feff50be4a40bf3f67feec29
SSDEEP

98304:an52MMMGMMMJwFMkbnhDnKf4J4m6XytVfF5Brq+tGhSGIGHswa+qpR6LU9rGy75q:anbArbnsf4J4m6QVfnBrHtGEGIGMwaKF

Score

10^/10

discovery evasion exploit

Static task

static1

Behavioral task

behavioral1

Sample

89fa8e3cdaa3afc4dade128b2bc37a70a626fa7969c97ab5c0a45f13e9bab79c.exe

Resource

win7-20230220-en

discovery evasion exploit

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

89fa8e3cdaa3afc4dade128b2bc37a70a626fa7969c97ab5c0a45f13e9bab79c.exe

Resource

win10v2004-20230221-en

discovery evasion exploit

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  89fa8e3cdaa3afc4dade128b2bc37a70a626fa7969c97ab5c0a45f13e9bab79c
- Size
  
  4.9MB
- MD5
  
  f1b82b5847e2ebebfe0408ddbc298d8b
- SHA1
  
  73faed8ab11743fff01d9e0c64cc8b5b4921140e
- SHA256
  
  89fa8e3cdaa3afc4dade128b2bc37a70a626fa7969c97ab5c0a45f13e9bab79c
- SHA512
  
  4e3baa2c4c3e709cfad0cc99844ade4fbf9ab95fe432b79b854655a268d55cd3735658b5ebb268271d6c051bc4934f5ed0186127feff50be4a40bf3f67feec29
- SSDEEP
  
  98304:an52MMMGMMMJwFMkbnhDnKf4J4m6XytVfF5Brq+tGhSGIGHswa+qpR6LU9rGy75q:anbArbnsf4J4m6QVfnBrHtGEGIGMwaKF
Score

10^/10

discovery evasion exploit
- Modifies security service
  evasion
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Hidden Files and Directories

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Install Root Certificate

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexploit

behavioral2

discoveryevasionexploit

© 2018-2024

Terms | Privacy