General
Target: TouchEn_nxKey_32bit.exe
Size: 13.0MB
Sample: 240616-jr8c3szblr
MD5: f66c6cf35d41ce3eb4c941d7b107d3b5
SHA1: 48e9f41dbd827c0d35ba94d39a1f362ef178d971
SHA256: a5a5cf58d399b5f31d34286d078ec6cc3a2bf34bef2bed8d1fbaa2d3b8058339
SHA512: cc7546e1fe3c271a9d82a0600347e86c4356f4f4071db4680ef72c4b9d5c62ba20746bcfcfe615fc2351591edbe5da551c382817d0ac19541e218edaa6462ac9
SSDEEP: 393216:LT3FXWNXhfllcOy8/4jdpsR37OyYA7ZqJ2:X1GNXh9YPdm97ptm2

Behavioral task: behavioral1
Sample: TouchEn_nxKey_32bit.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: TouchEn_nxKey_32bit.exe
-
Creates new service(s)
-
Sets service image path in registry
-
Adds Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Modify Registry (4)
  Subvert Trust Controls (1)
    Install Root Certificate (1)