baec4a9f7a79d37ed568b0ce0b2d5ddf6cb9abb36e582df689e58ed2c4eb09fb | Triage

Sharing

General

Target

Wexide.exe
Size

79KB
Sample

231011-g7t5aahb29
MD5

e3074a3b713935925e9e30cff2ae9463
SHA1

41aa3bcb286eeb3b4efcde992eb40419aeaeae59
SHA256

baec4a9f7a79d37ed568b0ce0b2d5ddf6cb9abb36e582df689e58ed2c4eb09fb
SHA512

e18dfa0e7609e94b3d5e6a3d09ec2c3b80c272f47f16c3c40a24b663b37fb3773f8837ec68b31b028ca8d268e1d6b4c3145a2c7d813b91754438eb6cb051d0d4
SSDEEP

1536:jqO5TvSH2yEHf8kEpSSjqbJ4Kd6G6BP68OtkhNLWKKSf:jRY5qbJlmNOWhNauf

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Wexide.exe
- Size
  
  79KB
- MD5
  
  e3074a3b713935925e9e30cff2ae9463
- SHA1
  
  41aa3bcb286eeb3b4efcde992eb40419aeaeae59
- SHA256
  
  baec4a9f7a79d37ed568b0ce0b2d5ddf6cb9abb36e582df689e58ed2c4eb09fb
- SHA512
  
  e18dfa0e7609e94b3d5e6a3d09ec2c3b80c272f47f16c3c40a24b663b37fb3773f8837ec68b31b028ca8d268e1d6b4c3145a2c7d813b91754438eb6cb051d0d4
- SSDEEP
  
  1536:jqO5TvSH2yEHf8kEpSSjqbJ4Kd6G6BP68OtkhNLWKKSf:jRY5qbJlmNOWhNauf
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2