General

  • Target

    f17afa21e88b7a362db5ae8fdfa43de9bin_JC.zip

  • Size

    118KB

  • Sample

    231012-1g2afsbf9t

  • MD5

    a2f54007138666066c5f599d441a4091

  • SHA1

    568467049ac9e2e50c971b7e533133333644c8d7

  • SHA256

    b08f1a1b8feaf67cbae681acaacc46aedbd216586b51236e3181365ce6b488fe

  • SHA512

    6bc5ed6658116fb83c232002d8ab0e0bfc82586329f9750f64762148c4b65a73037e38d5fa1b0fce24de2be273267e1823cb465713930a7fe03763886ae71735

  • SSDEEP

    3072:H2FtLZBtswP4yvYpwZblMS2mbHwQCKWw41tnyswkP:H2fZswPfg/S2mbHdCBR1tnyswkP

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (ps1.dropper)

    https://aszfiltration.com/storage/files/debug2.ps1

Targets

    • Target

      c33deedefdb021c129cc4314ce7a032be5fbca79378f8581d0406857040a7fbf.exe

    • Size

      247KB

    • MD5

      f17afa21e88b7a362db5ae8fdfa43de9

    • SHA1

      14b024dfe1f9aa6eb88bc7e2215e4877c92cc01e

    • SHA256

      c33deedefdb021c129cc4314ce7a032be5fbca79378f8581d0406857040a7fbf

    • SHA512

      efbdcd1c0fb91cb15de2935ed500fb0f9a8b3ef1491e9823850e97451348cd3a170bc0ad3c84086438508f7280f100a33ff8299a7de64093129b2d7ea83b8e0d

    • SSDEEP

      3072:98iTSP3d1hp5xnAs03vx54qylRs8crPGjl5mS3qI79TPJvLCw8DSmfNKgAiNNrc4:90zl37r79h2DSm1SgAOmhzN+

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

  • Remote System Discovery (T1018): 1

Tasks