Resubmissions
02-04-2024 02:51
240402-dcgc6aee6z 1002-04-2024 02:51
240402-db6xesfa29 1002-04-2024 02:49
240402-da7gkaee21 1002-04-2024 02:48
240402-daq5kseh73 1002-04-2024 02:14
240402-cn2mssec25 1019-12-2023 13:11
231219-qe316abbcr 10Analysis
-
max time kernel
146s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
19-12-2023 13:11
Static task
static1
Behavioral task
behavioral1
Sample
2e8f4deb77b157067ae01fafb05c2605.exe
Resource
win7-20231215-en
General
-
Target
2e8f4deb77b157067ae01fafb05c2605.exe
-
Size
444KB
-
MD5
2e8f4deb77b157067ae01fafb05c2605
-
SHA1
093c3d4965df93063f20bd6c5e0951b267e74daf
-
SHA256
f868ca3de0e202d0b2e9dffb9d9cc7f668f91cbe7a397cad6d951c7063ad1b68
-
SHA512
808dbffe05a7f4805d1f0d162e0251f86af94655db403533eb906cd5951abfec25f9574a914770fd4374f82de7b9dc8eec5997f649a13a156837adadb8d87344
-
SSDEEP
12288:sqiNL0Y/eQ2ZaOpTYP+Xjn+sX9eK+ySCm:sxNL0Y/ezauYP+FX9t+zv
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 3352 GetX64BTIT.exe -
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 28 api.ipify.org 29 api.ipify.org -
Uses Tor communications 1 TTPs
Malware can proxy its traffic through Tor for more anonymity.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe 3404 2e8f4deb77b157067ae01fafb05c2605.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3404 2e8f4deb77b157067ae01fafb05c2605.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 3404 wrote to memory of 3352 3404 2e8f4deb77b157067ae01fafb05c2605.exe 91 PID 3404 wrote to memory of 3352 3404 2e8f4deb77b157067ae01fafb05c2605.exe 91
Processes
-
C:\Users\Admin\AppData\Local\Temp\2e8f4deb77b157067ae01fafb05c2605.exe"C:\Users\Admin\AppData\Local\Temp\2e8f4deb77b157067ae01fafb05c2605.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3404 -
C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"2⤵
- Executes dropped EXE
PID:3352
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5b4cd27f2b37665f51eb9fe685ec1d373
SHA17f08febf0fdb7fc9f8bf35a10fb11e7de431abe0
SHA25691f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581
SHA512e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e
-
Filesize
28B
MD54f897062c7697758120fdc4e3b3f3a5f
SHA1b5b083abd00c04de0f21e8f5f32f25b17ea3f06e
SHA2568625e9d53c057f4d1d17bd47e6fa53b64853f7423a05b4a8d0d09bd79d6f8d49
SHA512a098b10838895b5c7512d3f7ac382643cb1522d24da4a7277f4b41f5ef48d8b3c4d061b0cb58169e0e6fc7f0253de0a7807016f4d13a81bf956ebd6d837cbc32