General

  • Target

    TT payment.exe

  • Size

    280KB

  • Sample

    230717-g4wtpsae73

  • MD5

    0b53570dda412c985f1913d0ad097b6f

  • SHA1

    69e8648f91033de6b221c969fa1804b370f9fea1

  • SHA256

    00d4da9d4fbc98752b5b2d9ada463a4c5cd3ebfde5b81821525727b3c258a4de

  • SHA512

    12042e8ac4ec3554c0e847c3d92114e031f6c2d526421cfa0e5373d6caeb957858f277a2f90099a14a873715fae2fa654e53bce0265b0182435ff1ebe98c5089

  • SSDEEP

    6144:/Ya6R+XvLSi08M0pKNQkK/1D7oTr+xGZ/e3AaNAJpm3hAjttdNYFb2upPI:/YDqL68MNXuDaPWw9jttdFupA

Score
7/10

Malware Config

Targets

    • Target

      TT payment.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (bailing out when the victim is in a country the operator wants to avoid).

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during execution.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is the usual way to redirect execution into injected code (for example process hollowing); the report does not identify the target process.
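The three behaviours above, expressed as detection logic over sandbox-style process events. This is an added example, not part of the Triage report or its signature set; the event format, the process ids, the dropped-file path and the list of location-related registry values are constructed for illustration and are not taken from the report. The dropped-DLL rule correlates a file write with a later image load by the same process, and the SetThreadContext rule only fires when the target thread belongs to a different process.

```python
"""Added example: scoring the three signatures from the report over constructed
sandbox-style events. Field names, paths and pids are assumptions, not report data."""
import re
from collections import defaultdict

# Assumption: location-related registry values a geofence commonly reads.
# The report names no specific key, so these are illustrative.
LOCATION_VALUES = (
    r"control panel\international\geo\nation",
    r"control panel\international\scountry",
    r"control\nls\language\installlanguage",
)

# Constructed sample events (not from the report). Format: pid|process|op|target
SAMPLE_EVENTS = """\
1804|TT payment.exe|RegQueryValue|HKCU\\Control Panel\\International\\Geo\\Nation
1804|TT payment.exe|WriteFile|C:\\Users\\user\\AppData\\Local\\Temp\\dropped.dll
1804|TT payment.exe|LoadImage|C:\\Users\\user\\AppData\\Local\\Temp\\dropped.dll
1804|TT payment.exe|LoadImage|C:\\Windows\\System32\\kernel32.dll
1804|TT payment.exe|SetThreadContext|pid=2212 tid=2216
2212|explorer.exe|SetThreadContext|pid=2212 tid=2240
"""


def parse_events(text):
    """Parse pid|process|op|target lines into dicts; reject malformed lines."""
    events = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split("|", 3)
        if len(parts) != 4:
            raise ValueError(f"line {n}: expected pid|process|op|target")
        pid, proc, op, target = parts
        events.append({"pid": int(pid), "proc": proc, "op": op, "target": target})
    return events


def analyze(text):
    """Return {signature name: [evidence lines]} for the three report signatures."""
    hits = defaultdict(list)
    written = defaultdict(set)  # pid -> lower-cased paths that process wrote
    for ev in parse_events(text):
        tgt = ev["target"]
        low = tgt.lower()
        evidence = f"{ev['proc']} (pid {ev['pid']}) {ev['op']} {tgt}"
        if ev["op"] == "RegQueryValue" and any(low.endswith(v) for v in LOCATION_VALUES):
            hits["Checks computer location settings"].append(evidence)
        elif ev["op"] == "WriteFile":
            written[ev["pid"]].add(low)
        elif ev["op"] == "LoadImage" and low in written[ev["pid"]]:
            # Only an image the same process wrote earlier counts as "dropped".
            hits["Loads dropped DLL"].append(evidence)
        elif ev["op"] == "SetThreadContext":
            m = re.search(r"pid=(\d+)", tgt)
            # A process adjusting its own threads is routine; cross-process is not.
            if m and int(m.group(1)) != ev["pid"]:
                hits["Suspicious use of SetThreadContext"].append(evidence)
    return dict(hits)


if __name__ == "__main__":
    for name, lines in analyze(SAMPLE_EVENTS).items():
        print(name)
        for line in lines:
            print("   ", line)
```

Feed `analyze` a real export by adapting `parse_events` to your sandbox's or Procmon's column layout; the rules themselves only need pid, operation and target. The self-targeted `explorer.exe` SetThreadContext and the load of `kernel32.dll` are included so the rules' negative cases are exercised.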

MITRE ATT&CK Enterprise v6

Tasks