0969e965d0b82333c2c4c0e534c73529ee95078fa82bf105515e2402b3c9e8b8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

combolist_generator_BY_X-KILLER.rar
Size

1.3MB
Sample

230529-styfbsch4y
MD5

611e85bb35d67899055aa956b3cd8551
SHA1

3dd4c40166f841d10f64e52a16aeab10bc1a51d3
SHA256

0969e965d0b82333c2c4c0e534c73529ee95078fa82bf105515e2402b3c9e8b8
SHA512

dc9bc2a402ca4577e8d0ebff61643d1af2031eeea21189a494d75d0d21264b44670e727ee9d98c7c24b9f89a74478ca88a874c6ac7ffa0bea7ef3ef2c694b01d
SSDEEP

24576:JQva4n2WiQRaRQivYd9MDaYOwT7E8PS6sY8QF+eV7shIt0CZ6+ieNxHuIcJqA5z1:gjn2zQwyivk9MDROwi6sbQ8ILE+ieNxo

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  combolist generator BY X-KILLER/combolist generator BY X-KILLER/GatherCfg/Launcher.exe
- Size
  
  53KB
- MD5
  
  c6d4c881112022eb30725978ecd7c6ec
- SHA1
  
  ba4f96dc374195d873b3eebdb28b633d9a1c5bf5
- SHA256
  
  0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32
- SHA512
  
  3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981
- SSDEEP
  
  768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1
- Target
  
  combolist generator BY X-KILLER/combolist generator BY X-KILLER/GatherCfg/SaveSoft.exe
- Size
  
  652KB
- MD5
  
  722e2c0821aa6f045f091fcd358ebf29
- SHA1
  
  cfadc1404cc5a36aa25d86b2f97a08c967f75950
- SHA256
  
  0005eae1c067ae4f71d59ad4fd732a1a2a1807b3cc635b3d003b1faf164ec2e0
- SHA512
  
  6593a31317e0671f1efc355d1bcdeb501dcc55faed49be0f9dd11b8d363306a8f2a0a323126fe27a6cb456265ca12efbc4714b5ae4f64dfeb189a403a72d1a1e
- SSDEEP
  
  12288:Chga5qdEq/flgCOUxhkaMUr5Uy1F9qmukWSShga5qdEq/HlgCOUxhkaMUr:ChgKFqnlgC7X2Uuy1F9qvk+hgKFqflgy
Score

7^/10
- Loads dropped DLL
behavioral2
- Target
  
  combolist generator BY X-KILLER/combolist generator BY X-KILLER/combolist generator BY X-KILLER.exe
- Size
  
  233KB
- MD5
  
  4dbf3829a169642e5422305212d9c857
- SHA1
  
  be3e64c844ff6b327bc2d4da4b914ea4704d609d
- SHA256
  
  fbc2299302549465595166d4ab4b78928bb335b16623703c3e57a3894048a320
- SHA512
  
  dc66a207d323a763256c302e20caf103411c61e6b706000ce5ccd2574fd8cb9bde48fd5493203a63fd07e2fdc95bcf38d52f542e491b6267f7e368fdbb91defa
- SSDEEP
  
  3072:d4lJfj/W4ObuqZnyto613VVmn8sNYA6PpV:d6JfjSbu+yS6VdsNYAw
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3