General

  • Target

    server.exe

  • Size

    48KB

  • Sample

    240614-xd2v2awdqk

  • MD5

    eff3e0fad856f7bed3f7ef76e355b75e

  • SHA1

    ac9fc470156acc577e6b5e889b6d28bb12e39db8

  • SHA256

    0498fe1b3c0866a85b0b9c653800877da139973d6b60646f99f00e014bbb71e7

  • SHA512

    458ac1d27e70a2fbee1e5c8abb3d1b1fb0c093f57e06d3401a0e45bbc32d619afccbc21ca2d70a694eb173e17f1a46b7a59fdcdfa933618d4f4701e0909bf7b4

  • SSDEEP

    768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67ChPC:Ub1MsHz3JDwhyWr+N95OTga6p

Score
10/10

Malware Config

Targets

    • Target

      server.exe

    • Size

      48KB

    • MD5

      eff3e0fad856f7bed3f7ef76e355b75e

    • SHA1

      ac9fc470156acc577e6b5e889b6d28bb12e39db8

    • SHA256

      0498fe1b3c0866a85b0b9c653800877da139973d6b60646f99f00e014bbb71e7

    • SHA512

      458ac1d27e70a2fbee1e5c8abb3d1b1fb0c093f57e06d3401a0e45bbc32d619afccbc21ca2d70a694eb173e17f1a46b7a59fdcdfa933618d4f4701e0909bf7b4

    • SSDEEP

      768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67ChPC:Ub1MsHz3JDwhyWr+N95OTga6p

    Score
    8/10

    • Sets DLL path for service in the registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a Windows Service

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks