General
Target: TokenGen.exe
Size: 8.4MB
Sample: 240223-p2mr1sga5t
MD5: 6ab683496d974568e89cacbc75e8f911
SHA1: 9422365d1bdef1232f79ae92897589250a65735b
SHA256: 2c77f01d2d3d4e3f32e25437d8afc259e3c5f9e8f40fb8d7688637b11649b682
SHA512: 446348fdba1fb4c28e36edac99c6bc1e13eb2af482499ada21030d425e730051a26e8c2ea1d01822bfb596802be489160b8dc52906e86ec7bf2c3b37a63bcdd0
SSDEEP: 196608:Ye4IHXzkneX38DXDQ9/tbYPvbJQlHHO2SvJ37n8CS79JjXSKn:9Hy0MDTQ9/kJQlnEc9RC
Behavioral tasks
Task          Sample         Resource
behavioral1   TokenGen.exe   win7-20240221-en
behavioral2   TokenGen.exe   win10v2004-20240221-en
behavioral3   TokenGen.pyc   win7-20240221-en
behavioral4   TokenGen.pyc   win10v2004-20240221-en
Malware Config

Targets

Target: TokenGen.exe
Size: 8.4MB
MD5: 6ab683496d974568e89cacbc75e8f911
SHA1: 9422365d1bdef1232f79ae92897589250a65735b
SHA256: 2c77f01d2d3d4e3f32e25437d8afc259e3c5f9e8f40fb8d7688637b11649b682
SHA512: 446348fdba1fb4c28e36edac99c6bc1e13eb2af482499ada21030d425e730051a26e8c2ea1d01822bfb596802be489160b8dc52906e86ec7bf2c3b37a63bcdd0
SSDEEP: 196608:Ye4IHXzkneX38DXDQ9/tbYPvbJQlHHO2SvJ37n8CS79JjXSKn:9Hy0MDTQ9/kJQlnEc9RC
Score: 7/10

Signatures:
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
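The three persistence signatures above (Run key, COM server registration, executable filetype association) all come down to registry value writes, which is what a host-based detection keys on. The following Python is an added example, not code from the sandbox report or its tooling: it runs simple path rules over records shaped like Sysmon Event ID 13 (RegistryEvent, Value Set) and groups the hits by the signature names the report uses. Every record is constructed for the example; the SID, the CLSID and all file paths are made up, since the report does not disclose the sample's actual persistence paths. The ATT&CK IDs are those of the technique names the report lists.

```python
"""Map Sysmon registry-value-set events to the persistence signatures named in the report.

Added example, not from the sandbox report. Events are constructed to look like Sysmon
Event ID 13 fields; the SID, CLSID and paths are assumptions, not observed values.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegWrite:
    """One Sysmon EID 13 event, reduced to the three fields the rules need."""
    image: str    # Image: process that performed the write
    target: str   # TargetObject: full registry path of the value written
    details: str  # Details: the data written to the value


# (report signature name, ATT&CK technique the report lists it under, path rule).
# The report counts both the Run-key and the COM-server signature under T1547.001.
RULES = (
    ("Adds Run key to start application",
     "T1547.001 Registry Run Keys / Startup Folder",
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\[^\\]+$", re.I)),
    ("Registers COM server for autorun",
     "T1547.001 Registry Run Keys / Startup Folder",
     re.compile(r"\\Classes\\CLSID\\\{[0-9A-Fa-f-]{36}\}\\(?:InprocServer32|LocalServer32)\\", re.I)),
    ("Modifies system executable filetype association",
     "T1546.001 Change Default File Association",
     re.compile(r"\\Classes\\exefile\\shell\\open\\command\\", re.I)),
)

# Directories a dropper typically writes to; a persisted command pointing here is
# the registry side of the report's "Executes dropped EXE" / "Loads dropped DLL".
DROPPED_DIR = re.compile(r"\\(?:AppData\\Local\\Temp|AppData\\Roaming|ProgramData)\\", re.I)

# Constructed sample log (assumption: hand-written, not captured from the sample).
SID = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    RegWrite(r"C:\Users\victim\AppData\Local\Temp\TokenGen.exe",
             SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\TokenGen",
             r"C:\Users\victim\AppData\Local\Temp\TokenGen.exe"),
    RegWrite(r"C:\Users\victim\AppData\Local\Temp\TokenGen.exe",
             SID + r"\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)",
             r"C:\Users\victim\AppData\Roaming\svc.dll"),
    RegWrite(r"C:\Users\victim\AppData\Local\Temp\TokenGen.exe",
             r"HKLM\SOFTWARE\Classes\exefile\shell\open\command\(Default)",
             r'"C:\ProgramData\helper.exe" "%1" %*'),
    # Benign noise: an Explorer setting and a vendor Run entry under %windir%.
    RegWrite(r"C:\Windows\explorer.exe",
             SID + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
             "DWORD (0x00000001)"),
    RegWrite(r"C:\Windows\System32\msiexec.exe",
             r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
             r"%windir%\system32\SecurityHealthSystray.exe"),
]


def classify(ev: RegWrite) -> list[tuple[str, str]]:
    """Return (signature, technique) pairs whose path rule matches this write."""
    return [(sig, tech) for sig, tech, rx in RULES if rx.search(ev.target)]


def triage(events: list[RegWrite]) -> dict[str, list[RegWrite]]:
    """Group events by the report signature they satisfy; unmatched events are dropped."""
    hits: dict[str, list[RegWrite]] = {}
    for ev in events:
        for sig, _tech in classify(ev):
            hits.setdefault(sig, []).append(ev)
    return hits


def persisted_dropped_binaries(events: list[RegWrite]) -> list[str]:
    """Persistence values whose data points into a user-writable drop directory.

    The vendor Run entry under %windir% still matches a path rule but is left out
    here; this is the context an analyst uses to separate the sample's autostarts
    from legitimate ones.
    """
    return sorted({ev.details for ev in events
                   if classify(ev) and DROPPED_DIR.search(ev.details)})


if __name__ == "__main__":
    for sig, evs in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: {len(evs)} write(s)")
        for ev in evs:
            print(f"  {ev.image} -> {ev.target} = {ev.details}")
    print("persisted dropped binaries:", persisted_dropped_binaries(SAMPLE_EVENTS))
```

The path rules alone produce two Run-key hits, one of which is the vendor entry; filtering on where the persisted command points is what narrows the result to the sample's own entries. Read-only behaviour in the report (the Geo country-code lookup, Uninstall-key enumeration, system-information reads) does not generate value-set events and needs a different source, such as API tracing or an EDR registry-read telemetry.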
Target: TokenGen.pyc
Size: 3KB
MD5: e918327d5a721d0be2b9eb5120fde9e0
SHA1: 2951b7a21bc5d708b7d04517f491490eaaa4b0a2
SHA256: cdcbaf746361226ef823876715b1fa9e0bccb2c5d087d90ac8bf752b19ad5664
SHA512: 89e86e7ba3fdd5f2ce030c80997cc9d67d6d878f4793f15c78d1f20a3f26afb0c4d99d0f48d6ba1e995cfe4de659b67c8d0e7172468d4ce9c61352720a1948e9
Score: 3/10
MITRE ATT&CK Enterprise v15
Tactic / Technique                                        Matching signatures
Persistence
  Boot or Logon Autostart Execution (T1547)               2
    Registry Run Keys / Startup Folder (T1547.001)        2
  Event Triggered Execution (T1546)                       1
    Change Default File Association (T1546.001)           1