3e5d00a0c1631e94b08f8fa84145748f5616662a89e2c0b4d5df3dba864b217c | Triage

Submit
Reports

Overview

overview

8

Static

static

3

3e5d00a0c1...7c.exe

windows7-x64

8

3e5d00a0c1...7c.exe

windows10-2004-x64

8

Sharing

General

Target

3e5d00a0c1631e94b08f8fa84145748f5616662a89e2c0b4d5df3dba864b217c.exe
Size

146KB
Sample

240213-dcb4faeb23
MD5

ed9f7a9870f20f13ae0521ef922463ef
SHA1

bd2e8abbe8258c6c9c16ab7d8cba11a9d73f28e8
SHA256

3e5d00a0c1631e94b08f8fa84145748f5616662a89e2c0b4d5df3dba864b217c
SHA512

16650c47c11fe03f3b7a19b04fdb1a3d30c8430df9f9136976546ca0b1b48e39ea24949322db08d067b799e3bd568d716af49cfe398b96df2b923429c416aa95
SSDEEP

3072:3gHIxZV+Lu+djDW67COI/4PNzp4e/ZV7ypAjvyNaTsOhzynOhzyE:Qo/+/DV7CiPNeI/VxzyyzyE

Score

8^/10

persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3e5d00a0c1631e94b08f8fa84145748f5616662a89e2c0b4d5df3dba864b217c.exe

Resource

win7-20231215-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

3e5d00a0c1631e94b08f8fa84145748f5616662a89e2c0b4d5df3dba864b217c.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  3e5d00a0c1631e94b08f8fa84145748f5616662a89e2c0b4d5df3dba864b217c.exe
- Size
  
  146KB
- MD5
  
  ed9f7a9870f20f13ae0521ef922463ef
- SHA1
  
  bd2e8abbe8258c6c9c16ab7d8cba11a9d73f28e8
- SHA256
  
  3e5d00a0c1631e94b08f8fa84145748f5616662a89e2c0b4d5df3dba864b217c
- SHA512
  
  16650c47c11fe03f3b7a19b04fdb1a3d30c8430df9f9136976546ca0b1b48e39ea24949322db08d067b799e3bd568d716af49cfe398b96df2b923429c416aa95
- SSDEEP
  
  3072:3gHIxZV+Lu+djDW67COI/4PNzp4e/ZV7ypAjvyNaTsOhzynOhzyE:Qo/+/DV7CiPNeI/VxzyyzyE
Score

8^/10

persistence
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy