General
Target: c63b5e6305535cdaaaeb11889ddfb097
Size: 11.4MB
Sample: 240313-szjjcsae55
MD5: c63b5e6305535cdaaaeb11889ddfb097
SHA1: 5e8ab02cda98483da63957375524d8a2f5e97913
SHA256: 00e343ddfcac2d81f4ff3884a99714dd96649323f474a35b531bf0d83da8d50b
SHA512: 47e0f03ed21cb81a59ad45c806efe43b8b8f2da34fb752c53f1c8c5c0078c1249f1a70178a6b124f9c582e4d8faaad0d02830b0963ff915a24c46f37991048d6
SSDEEP: 6144:rlfbtogINHXE+nlLO0pCxPPTObjpF8tAWsOtstststststststststststststsx:pbto10+nlLA9PybjpF8GWs
Static task: static1
Behavioral task: behavioral1 (sample c63b5e6305535cdaaaeb11889ddfb097.exe, resource win7-20240221-en)
Behavioral task: behavioral2 (sample c63b5e6305535cdaaaeb11889ddfb097.exe, resource win10v2004-20240226-en)
Malware Config
Extracted family: tofsee
C2 domains: defeatwax.ru, refabyd.info
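A triage helper added for this page (editor's example, not part of the sandbox report or of any Tofsee tooling): it embeds the hashes and the two extracted domains listed above, computes the same four digests for a local file or byte string so a suspect file can be compared, and scans BIND-style DNS query-log lines for lookups of either domain or its subdomains. The log lines, the client IP addresses and the third query are constructed for the example; the regex assumes BIND's "client ... query: name IN type" layout.

```python
"""Match a file and DNS query logs against the IOCs on this page (added example)."""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# Hashes and domains copied from the report above; nothing else here comes from the sandbox.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "c63b5e6305535cdaaaeb11889ddfb097",
    "sha1": "5e8ab02cda98483da63957375524d8a2f5e97913",
    "sha256": "00e343ddfcac2d81f4ff3884a99714dd96649323f474a35b531bf0d83da8d50b",
    "sha512": "47e0f03ed21cb81a59ad45c806efe43b8b8f2da34fb752c53f1c8c5c0078c1249"
              "f1a70178a6b124f9c582e4d8faaad0d02830b0963ff915a24c46f37991048d6",
}
C2_DOMAINS = {"defeatwax.ru", "refabyd.info"}


def digests(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists, so a local file can be compared."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True if a collision-resistant digest matches; MD5 alone is not trusted here."""
    found = digests(data)
    return any(found[a] == SAMPLE_HASHES[a] for a in ("sha1", "sha256", "sha512"))


def domain_matches(name: str) -> bool:
    """Exact or subdomain match, tolerant of case and a trailing dot."""
    n = name.strip().rstrip(".").lower()
    return any(n == d or n.endswith("." + d) for d in C2_DOMAINS)


# BIND-style query log: "client @0x.. 10.0.0.5#51324 (name): query: name IN A + (10.0.0.2)"
QUERY_RE = re.compile(r"client (?:@\S+ )?(\d{1,3}(?:\.\d{1,3}){3})#\d+ .*?query: (\S+) IN (\S+)")


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (client_ip, queried_name, qtype) for every lookup of a C2 domain."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m and domain_matches(m.group(2)):
            hits.append((m.group(1), m.group(2), m.group(3)))
    return hits


# Constructed log lines for the example; the IPs and the www.example.com query are made up.
SAMPLE_DNS_LOG = [
    "client @0x7f3c10 10.0.0.5#51324 (defeatwax.ru): query: defeatwax.ru IN A + (10.0.0.2)",
    "client @0x7f3c10 10.0.0.6#51325 (www.example.com): query: www.example.com IN A + (10.0.0.2)",
    "client @0x7f3c10 10.0.0.7#51326 (smtp.refabyd.info): query: smtp.refabyd.info IN MX + (10.0.0.2)",
]

if __name__ == "__main__":
    for ip, name, qtype in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{ip} looked up {name} ({qtype})")
    print("known sample:", is_known_sample(b"not the sample"))
```

Subdomain matching matters for this family: the extracted values are bare apex names, and the sandbox does not tell you which host labels the bot actually resolves, so a resolver log is searched for anything under either domain. Matching on MD5 alone is deliberately not enough to call a file "the sample"; the SHA-256 or SHA-512 from the report is the value to pin.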
Targets
Target: c63b5e6305535cdaaaeb11889ddfb097
Score: 10/10
Behavioral signatures:
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
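Detection rules for the signatures above, as an added example written for this page rather than the sandbox's own matching logic. The events are constructed Sysmon-style dictionaries (EventID 1 process creation, 11 file create, 13 registry value set, with Sysmon's EventData field names) plus a System-log 7045 service-install record; the drop path, service name and command lines are invented. The ATT&CK IDs are the editor's mapping: T1543.003 (Windows Service) and T1547.001 (Registry Run Keys / Startup Folder) are the sub-techniques named in the page's ATT&CK section, while T1562.004 and T1070.004 are added for the firewall and self-delete signatures.

```python
"""Sysmon-style detection rules for the behaviours in the report (added example)."""
from typing import Callable, Dict, List, Optional, Set, Tuple

Event = Dict[str, object]
Hit = Tuple[str, Optional[str]]   # (signature name from the report, ATT&CK ID or None)

SERVICES_KEY = "hklm\\system\\currentcontrolset\\services\\"
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"


def _s(ev: Event, field: str) -> str:
    """Field as a lower-cased string; missing fields compare as empty."""
    return str(ev.get(field, "")).lower()


def rule_new_service(ev: Event) -> Optional[Hit]:
    # System log 7045: a service was installed (T1543.003 per the page's ATT&CK table)
    if ev.get("EventID") == 7045 and _s(ev, "ImagePath"):
        return ("Creates new service(s)", "T1543.003")
    return None


def rule_service_image_path(ev: Event) -> Optional[Hit]:
    # Sysmon 13 (registry value set) on <service>\ImagePath
    target = _s(ev, "TargetObject")
    if ev.get("EventID") == 13 and target.startswith(SERVICES_KEY) and target.endswith("\\imagepath"):
        return ("Sets service image path in registry", "T1543.003")
    return None


def rule_run_key(ev: Event) -> Optional[Hit]:
    # Sysmon 13 under a Run key (T1547.001 per the page's ATT&CK table)
    if ev.get("EventID") == 13 and RUN_KEY in _s(ev, "TargetObject"):
        return ("Registry Run Keys / Startup Folder", "T1547.001")
    return None


def rule_firewall(ev: Event) -> Optional[Hit]:
    # Sysmon 1: netsh used to change firewall rules (T1562.004, editor's mapping)
    cmd = _s(ev, "CommandLine")
    if ev.get("EventID") == 1 and "netsh" in cmd and "firewall" in cmd:
        return ("Modifies Windows Firewall", "T1562.004")
    return None


def rule_self_delete(ev: Event) -> Optional[Hit]:
    # Sysmon 1: cmd.exe spawned by the sample deletes the parent's own image (T1070.004, editor's mapping)
    cmd, parent = _s(ev, "CommandLine"), _s(ev, "ParentImage")
    if (ev.get("EventID") == 1 and _s(ev, "Image").endswith("\\cmd.exe")
            and " del " in cmd and parent and parent in cmd):
        return ("Deletes itself", "T1070.004")
    return None


RULES: List[Callable[[Event], Optional[Hit]]] = [
    rule_new_service, rule_service_image_path, rule_run_key, rule_firewall, rule_self_delete,
]


def find_hits(events: List[Event]) -> List[Hit]:
    """Run the stateless rules plus one stateful check: an .exe written earlier (Sysmon 11)
    that later appears as the Image of a process-creation event (Sysmon 1)."""
    hits: List[Hit] = []
    dropped: Set[str] = set()
    for ev in events:
        if ev.get("EventID") == 11 and _s(ev, "TargetFilename").endswith(".exe"):
            dropped.add(_s(ev, "TargetFilename"))
        if ev.get("EventID") == 1 and _s(ev, "Image") in dropped:
            hits.append(("Executes dropped EXE", None))
        hits.extend(h for h in (rule(ev) for rule in RULES) if h)
    return hits


# Constructed events; paths, service name and command lines are invented for the example.
SAMPLE = r"C:\Users\user\AppData\Local\Temp\c63b5e6305535cdaaaeb11889ddfb097.exe"
DROPPED = r"C:\Windows\Temp\svcupd.exe"
EVENTS: List[Event] = [
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED},
    {"EventID": 13, "Image": SAMPLE, "Details": DROPPED,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\svcupd\ImagePath"},
    {"EventID": 7045, "ServiceName": "svcupd", "ImagePath": DROPPED},
    {"EventID": 1, "Image": DROPPED, "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": DROPPED},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe", "ParentImage": DROPPED,
     "CommandLine": f'netsh advfirewall firewall add rule name="svcupd" dir=in action=allow program="{DROPPED}"'},
    {"EventID": 13, "Image": DROPPED, "Details": DROPPED,
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svcupd"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": SAMPLE,
     "CommandLine": f'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "{SAMPLE}"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for name, technique in find_hits(EVENTS):
        print(f"{name:40s} {technique or '-'}")
```

Two of the listed signatures deliberately have no rule here. "Checks computer location settings" is a registry read of the configured country code, and Sysmon records registry writes, not reads, so it is only visible in the sandbox's API trace or with an EDR hook; "Suspicious use of SetThreadContext" is likewise an API-level observation that no Windows event log carries. The dropped-EXE check also shows why order matters: the same process-creation event is only flagged when the Sysmon 11 file-create for that path was seen first.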
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)