Resubmissions

17/04/2024, 11:54

240417-n29fcafd81 8

17/04/2024, 11:54

240417-n285ksdh43 8

17/04/2024, 11:54

240417-n28h2sfd8z 8

17/04/2024, 11:54

240417-n246mafd8x 8

17/04/2024, 11:54

240417-n24j4afd8w 8

16/04/2024, 10:48

240416-mwlxesad2t 8

General

  • Target

    e9e34828dd3f60d69e3b5ea854a7a06906828cc5cfc8d5906897d2ab3b6765d5

  • Size

    5.3MB

  • Sample

    240417-n29fcafd81

  • MD5

    4a6096deaaaf3fe393b61d66540ce4ab

  • SHA1

    9f91f6feae419a73a3371e06206b5e459281cff0

  • SHA256

    e9e34828dd3f60d69e3b5ea854a7a06906828cc5cfc8d5906897d2ab3b6765d5

  • SHA512

    9322c12a042ef7914bedf73618b135775f99bcc352e23b606e6887f1e7843bda3fb9025a06eefb4bd1468a69565f6f8d34bacf0d0fcbd4ee7c34cd46c96e6d01

  • SSDEEP

    98304:GBze+DWzwgfjGmMdivlucHq81K0U4DzRtNCC6rYOALRiNKpRyE3Rb1:4ze9cidud8pUSzpXOALRi4pT91

Score
8/10

Targets

    • Contacts a large number (1126) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
