General

  • Target

    LeoneDumper.exe

  • Size

    238KB

  • Sample

    230701-cy85magd9s

  • MD5

    997ff6e544f760c4b16630614f31f950

  • SHA1

    436ec493eb37200498099e451325db9b78e15856

  • SHA256

    95bbdf4f1ebae515d90139c7690e60e7abd94170207c7342d6e502ebad2f6b53

  • SHA512

    b96e91011d90c19196493bd6585b4354e34edfcc37417e419c79cab3ae0ecb757e0ad70b64dc282ff60bebb251144f984e66689ad98b564ddd76ddbfda1bc272

  • SSDEEP

    6144:FqnKyjWo7gB8eOCJG3FGJljXdQprzvEXaAMw0YYaZB6gkipk3mmw0OKggF:FqKsWR8FCw3wjXdQpv6aAMpQZtxTSge

Score
8/10

Malware Config

Targets

    • Target

      LeoneDumper.exe

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks