General

  • Target: 2t1crackloader.zip
  • Size: 10.3MB
  • Sample: 230831-z8bnfaag25
  • MD5: 9c7258ce936eec90398d22e9465220fc
  • SHA1: bfbebd4410b5549c1f72a352b085a43dd6ff6c2e
  • SHA256: 71fc9a46c705cca416dbde41ad8b477270934ea2983dc583bd453b985dcdfc74
  • SHA512: c9b66771e1341818e491d2be6335703cdc9414bd322fa8ecba2d84cd2b0aa23935986727c50bd52c6ef072798e4f8daa83f7d7d61c2ffff9c6d5076314acc741
  • SSDEEP: 196608:QvXOctN6drlM8mlMWPF5E0OPQkw0xe59YqvdgMHAvwshuFWj9NqFIutrvGxF6t:QvKdrlNVWPF5EBPw042oOg9wuQTq6uZ5

Score
10/10

Malware Config

Targets

    • Target: 2t1crackloader.zip

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks