General
-
Target
1660AD56D483CAA69CCB56251C6F89BC.exe
-
Size
80KB
-
Sample
240217-xr2r7aaa21
-
MD5
1660ad56d483caa69ccb56251c6f89bc
-
SHA1
b45a9bd339562b15239abe2b9c65d65ab599eb94
-
SHA256
f44933fa819aaf68b95ddd712bcb7e069ec952cd151862c1d3313dce52203c6e
-
SHA512
3641b830d03556533ddfdf6bab95197a031c4b1f919cc128fd0951c4b6bfba679733d27a3c4965174d3df06e6f1aace86e81eac3d80d5e93f63a2ab4c8413cdf
-
SSDEEP
1536:78zYOd3c8QduE6hP03VGY0ciL45ZWVUHmYNr0aNoY9/9F:4zYOdM8QdwhP0FJiU5AUHMaikF
Static task
static1
Behavioral task
behavioral1
Sample
1660AD56D483CAA69CCB56251C6F89BC.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1660AD56D483CAA69CCB56251C6F89BC.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
1660AD56D483CAA69CCB56251C6F89BC.exe
-
Score
8/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)