48b081d297b030102b024d9c09965197842875b09c08b9ee36db5921037d073a | Triage

Submit
Reports

Overview

overview

Static

static

3

2b3d25bf48...3a.exe

windows7-x64

2b3d25bf48...3a.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

2b3d25bf486f68ad37dc19b1e635613a.exe
Size

86KB
Sample

240103-r7thvshec4
MD5

2b3d25bf486f68ad37dc19b1e635613a
SHA1

17ca5e70148651d381ce2b07133d830993538838
SHA256

48b081d297b030102b024d9c09965197842875b09c08b9ee36db5921037d073a
SHA512

a1b95712c0719b5907a4e206d7a93b3e7c07090ea16c4b28792392acb87ac7d024a6031dc7f545d282269f5942f7bd2026d19eec638b3e1f2002669fe0d6d523
SSDEEP

1536:Z70ak+ddygXAyy9v7Z+NoykJHBOAFRfBjG3EdoIf:V0aXdfXAyy9DZ+N7eB+hIf

Score

10^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2b3d25bf486f68ad37dc19b1e635613a.exe

Resource

win7-20231215-en

evasion persistence

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

2b3d25bf486f68ad37dc19b1e635613a.exe

Resource

win10v2004-20231215-en

evasion persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  2b3d25bf486f68ad37dc19b1e635613a.exe
- Size
  
  86KB
- MD5
  
  2b3d25bf486f68ad37dc19b1e635613a
- SHA1
  
  17ca5e70148651d381ce2b07133d830993538838
- SHA256
  
  48b081d297b030102b024d9c09965197842875b09c08b9ee36db5921037d073a
- SHA512
  
  a1b95712c0719b5907a4e206d7a93b3e7c07090ea16c4b28792392acb87ac7d024a6031dc7f545d282269f5942f7bd2026d19eec638b3e1f2002669fe0d6d523
- SSDEEP
  
  1536:Z70ak+ddygXAyy9v7Z+NoykJHBOAFRfBjG3EdoIf:V0aXdfXAyy9DZ+N7eB+hIf
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy