General

  • Target

    792d9e678cf920dc3015069205431abd049d0ea1a682005a0b82bc2bb432c425

  • Size

    163KB

  • Sample

    231004-xqbjlsgc54

  • MD5

    87557535c111af3fe7c656220475871c

  • SHA1

    5ae8afdee3db3ce8d082d3e799a612274a0cb9ac

  • SHA256

    792d9e678cf920dc3015069205431abd049d0ea1a682005a0b82bc2bb432c425

  • SHA512

    3acf60abaf0432ef45f3c400e2d450431b7568d9edd79d57b80206eb9bf204299af6a048eb5c27f23c6b3ff92c499ef47e77344070e14e97a656e1fa206069d7

  • SSDEEP

    3072:7vJbyDbWElNFO1gBz65/M6If+3Js+3JFkKeTno:VybZrxBt25

Score
7/10

Targets

    • Checks computer location settings

      Reads the country/region code configured in the registry (the user's locale settings). Malware commonly does this as a geofence, refusing to run on systems in particular countries.

    • Drops startup file

      Writes a file into a Startup folder so that it is launched at the next logon.

    • Executes dropped EXE

      Launches an executable that the sample itself wrote to disk.

    • Adds Run key to start application

      Creates a value under a CurrentVersion\Run registry key, a second persistence mechanism alongside the Startup folder drop.

    • Looks up external IP address via web service

      Queries a legitimate public IP-echo service to learn the infected system's external IP address. On its own this is benign behaviour; it matters here as context alongside the persistence and geofence indicators.
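As an added example (not part of the sandbox report and not the sandbox's own detection logic), the five behaviour signatures above can be reproduced as ordered detection rules over an API trace. The trace schema (`op` plus per-operation fields), the sample paths, the registry value names and the list of IP-echo hosts are assumptions constructed for illustration; the registry locations themselves (Control Panel\International, CurrentVersion\Run) and the Startup folder path are the standard Windows ones.

```python
"""Behaviour signatures from the sandbox report, re-implemented as detection
rules over a constructed API trace (example code, not the sandbox's own logic)."""
import re
from collections import defaultdict

# Legitimate public IP-echo services frequently queried by malware to learn the
# victim's external address. Assumed list; extend from your own telemetry.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ifconfig.me", "icanhazip.com",
    "checkip.amazonaws.com", "ip-api.com", "ipinfo.io",
}

# Registry locations Windows uses for locale / region settings.
LOCALE_KEY_RE = re.compile(r"\\Control Panel\\International(\\Geo)?$", re.I)
# Per-user and per-machine autostart keys (Run and RunOnce).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# Per-user or all-users Startup folder.
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)

# Constructed trace (assumed schema): "op" plus op-specific fields, in
# execution order. None of these values come from the real sample.
SAMPLE_TRACE = [
    {"op": "reg_read", "key": r"HKCU\Control Panel\International", "value": "LocaleName"},
    {"op": "file_write",
     "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"},
    {"op": "proc_create",
     "image": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"},
    {"op": "reg_write", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "upd",
     "data": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"},
    {"op": "dns", "host": "api.ipify.org"},
    # A process the sample did not drop: must not trigger "Executes dropped EXE".
    {"op": "proc_create", "image": r"C:\Windows\System32\cmd.exe"},
]


def detect(events):
    """Map each behaviour name to the evidence that triggered it.

    "Executes dropped EXE" is stateful: a process launch counts only when the
    same path was written earlier in the trace, which is why events are
    processed in order rather than matched independently."""
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths written so far
    for ev in events:
        op = ev["op"]
        if op == "reg_read" and LOCALE_KEY_RE.search(ev["key"]):
            hits["Checks computer location settings"].append(ev["key"] + "\\" + ev["value"])
        elif op == "reg_write" and RUN_KEY_RE.search(ev["key"]):
            hits["Adds Run key to start application"].append(f'{ev["key"]}\\{ev["value"]} = {ev["data"]}')
        elif op == "file_write":
            dropped.add(ev["path"].lower())
            if STARTUP_DIR_RE.search(ev["path"]):
                hits["Drops startup file"].append(ev["path"])
        elif op == "proc_create" and ev["image"].lower() in dropped:
            hits["Executes dropped EXE"].append(ev["image"])
        elif op == "dns" and ev["host"].lower() in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].append(ev["host"])
    return dict(hits)


def persistence_count(hits):
    """Number of distinct persistence mechanisms observed (Startup folder, Run key)."""
    return sum(name in hits for name in ("Drops startup file", "Adds Run key to start application"))


if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_TRACE).items():
        print(f"[+] {name}")
        for item in evidence:
            print(f"      {item}")
```

The ordering requirement is the part worth copying into a real rule set: a launch of `upd.exe` is only interesting because the same trace wrote that file first, and the IP lookup only becomes an indicator when it co-occurs with persistence and a locale check, which is why the rules return evidence to be weighed together rather than a verdict each.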

MITRE ATT&CK Enterprise v15
