General

  • Target

    lilith-launcher-windows-s3.exe

  • Size

    6.4MB

  • Sample

    230420-ze82vacc37

  • MD5

    888b418deba43641f6f12217d4cc3a10

  • SHA1

    01f76792e995b2eff93c07387888049e9a627514

  • SHA256

    b0b5ae1b1dddb8ad9ecaa6521d007d5dcc4a313541a5f74f4c2ddf6994aaea2f

  • SHA512

    4146becad7e17260f9cb74cddc0fdb8ce48d40c02dd7ea37190e03f7167009abef4d76c460ae79adc211228f6bec234eeefe25cb1dc0c0bfe4edf6883829e493

  • SSDEEP

    98304:dk3+3Zqj9EFEhVaKrDAJIJ0wb1h89c3YalKo:++8jPh4W+Iv2mIX

Score
7/10

Targets

    • Target

      lilith-launcher-windows-s3.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Drops Chrome extension

    • Legitimate hosting services abused for malware hosting/C2
