General

  • Target

    1660AD56D483CAA69CCB56251C6F89BC.exe

  • Size

    80KB

  • Sample

    240217-xr2r7aaa21

  • MD5

    1660ad56d483caa69ccb56251c6f89bc

  • SHA1

    b45a9bd339562b15239abe2b9c65d65ab599eb94

  • SHA256

    f44933fa819aaf68b95ddd712bcb7e069ec952cd151862c1d3313dce52203c6e

  • SHA512

    3641b830d03556533ddfdf6bab95197a031c4b1f919cc128fd0951c4b6bfba679733d27a3c4965174d3df06e6f1aace86e81eac3d80d5e93f63a2ab4c8413cdf

  • SSDEEP

    1536:78zYOd3c8QduE6hP03VGY0ciL45ZWVUHmYNr0aNoY9/9F:4zYOdM8QdwhP0FJiU5AUHMaikF

Score
8/10

Malware Config

Targets

    • Target

      1660AD56D483CAA69CCB56251C6F89BC.exe

    • Size

      80KB

    • MD5

      1660ad56d483caa69ccb56251c6f89bc

    • SHA1

      b45a9bd339562b15239abe2b9c65d65ab599eb94

    • SHA256

      f44933fa819aaf68b95ddd712bcb7e069ec952cd151862c1d3313dce52203c6e

    • SHA512

      3641b830d03556533ddfdf6bab95197a031c4b1f919cc128fd0951c4b6bfba679733d27a3c4965174d3df06e6f1aace86e81eac3d80d5e93f63a2ab4c8413cdf

    • SSDEEP

      1536:78zYOd3c8QduE6hP03VGY0ciL45ZWVUHmYNr0aNoY9/9F:4zYOdM8QdwhP0FJiU5AUHMaikF

    Score
    8/10
    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks