General

  • Target: 6cd17ccdcd564fc0b7f5bb9e4e53a0ffe86411fc4e3d8b75854ecea52286a99f
  • Size: 159MB
  • Sample: 231206-bzcx5shh43
  • MD5: 75087ced1f163d2c7770004ba117f1cf
  • SHA1: 320e5d9c04f6c0ad9861262a81019efb0631feff
  • SHA256: 6cd17ccdcd564fc0b7f5bb9e4e53a0ffe86411fc4e3d8b75854ecea52286a99f
  • SHA512: 30eaa4955850c50156fb5f83d57867bda51bdf0b25343c7489156cb90c60a04927bd0f4910e092199a9f68e66dedf6cdf0ec087263bb047bf0573a7de11543a6
  • SSDEEP: 786432:hhpmi4LpgapMr7WN3KPqiVtAnnFWZEjdmXNDGY6zZyBdTtLwSTRpf4P1wT1M9t0Y:hhn4LpgF3TVGnBJm9pkcEtmMD

Malware Config

Targets

    • Downloads MZ/PE file
    • Sets file execution options in registry
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • Registers COM server for autorun
    • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
    • Checks system information in the registry: system information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                            Count  ID
  Persistence           Boot or Logon Autostart Execution    2      T1547
  Persistence           Registry Run Keys / Startup Folder   2      T1547.001
  Privilege Escalation  Boot or Logon Autostart Execution    2      T1547
  Privilege Escalation  Registry Run Keys / Startup Folder   2      T1547.001
  Defense Evasion       Modify Registry                      1      T1112
  Discovery             Query Registry                       3      T1012
  Discovery             System Information Discovery         3      T1082

Tasks