General

  • Target

    4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002.exe

  • Size

    5.3MB

  • Sample

    240323-cn7h2seh3v

  • MD5

    b59631e064541c8651576128708e50f9

  • SHA1

    7aae996d4990f37a48288fa5f15a7889c3ff49b3

  • SHA256

    4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002

  • SHA512

    571a06f0ec88fe3697388195dd0a7f7e8d63945748855d928fb5005b51fd2c2baea1a63bd871ed0cfade5eabb879f577b7b04f9cd4d1222de52da641feee1f92

  • SSDEEP

    98304:69w8PMOW9ZI6aO7sd/mzt5mAiN1vw+/YR8ov/bkMJmJZNOnTdjyip:ndIV0G/mzsN1vl/YRV4MY9OnTdjy

Score
8/10

Malware Config

Targets

    • Target

      4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002.exe

    • Size

      5.3MB

    • MD5

      b59631e064541c8651576128708e50f9

    • SHA1

      7aae996d4990f37a48288fa5f15a7889c3ff49b3

    • SHA256

      4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002

    • SHA512

      571a06f0ec88fe3697388195dd0a7f7e8d63945748855d928fb5005b51fd2c2baea1a63bd871ed0cfade5eabb879f577b7b04f9cd4d1222de52da641feee1f92

    • SSDEEP

      98304:69w8PMOW9ZI6aO7sd/mzt5mAiN1vw+/YR8ov/bkMJmJZNOnTdjyip:ndIV0G/mzsN1vl/YRV4MY9OnTdjy

    Score
    8/10
    • Creates new service(s)

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Stops running service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks