Resubmissions

General

  • Target

    lrthijawd.exe

  • Size

    898KB

  • Sample

    240604-sm328sbc4t

  • MD5

    1b1ecd323162c054864b63ada693cd71

  • SHA1

    333a67545a5d1aad4d73a3501f7152b4529b6b3e

  • SHA256

    902337bbf17ac4e015e03d12e79b60b8dd5a8362496da3291a39e9124c58d9ff

  • SHA512

    f1776b6a457108f10ca940ce02ce98b73404f5cf18fccee4977024cfaf74d7f48666d4da9be1bee27531525e276cb8cfadba39b0c81e0fd8cbe42f7672f45b71

  • SSDEEP

    24576:juDXTIGaPhEYzUzA0amuDXTIGaPhEYzUzA0bnl:KDjlabwz9aDjlabwz9rl

Score
10/10

Malware Config

Targets

    • Target

      lrthijawd.exe

    • Size

      898KB

    • MD5

      1b1ecd323162c054864b63ada693cd71

    • SHA1

      333a67545a5d1aad4d73a3501f7152b4529b6b3e

    • SHA256

      902337bbf17ac4e015e03d12e79b60b8dd5a8362496da3291a39e9124c58d9ff

    • SHA512

      f1776b6a457108f10ca940ce02ce98b73404f5cf18fccee4977024cfaf74d7f48666d4da9be1bee27531525e276cb8cfadba39b0c81e0fd8cbe42f7672f45b71

    • SSDEEP

      24576:juDXTIGaPhEYzUzA0amuDXTIGaPhEYzUzA0bnl:KDjlabwz9aDjlabwz9rl

    Score
    10/10
    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks