General
-
Target
Generator__2_.exe
-
Size
17.0MB
-
Sample
240628-1bbgvasepc
-
MD5
5b200dd77e88dae76027a0c8c5eefbf5
-
SHA1
3d03e66b202007417683039801699c6bbea2f810
-
SHA256
700014da7ee4fdace03006daabfcf5f85d09c4a9a3654fdeb468370ceae85f97
-
SHA512
d8823e0e2abaa38ab86bb161be6c8e878fc3d6f2c05b80ea762678d28a51eb75d8fff8f6579c6b271973635e62ffd1843f7f69bf2115e28c9b16a28996ae7302
-
SSDEEP
393216:tML/au3GH6YkDInEroXHlh2pWsKkXgAW+TA39mmpDN1BlyNuW:tMLS0GHfjErUFQpWoMQA3H1Tyf
Behavioral task
behavioral1
Sample
Generator__2_.exe
Resource
win7-20231129-en
Malware Config
Targets
-
-
Target
Generator__2_.exe
-
Size
17.0MB
-
MD5
5b200dd77e88dae76027a0c8c5eefbf5
-
SHA1
3d03e66b202007417683039801699c6bbea2f810
-
SHA256
700014da7ee4fdace03006daabfcf5f85d09c4a9a3654fdeb468370ceae85f97
-
SHA512
d8823e0e2abaa38ab86bb161be6c8e878fc3d6f2c05b80ea762678d28a51eb75d8fff8f6579c6b271973635e62ffd1843f7f69bf2115e28c9b16a28996ae7302
-
SSDEEP
393216:tML/au3GH6YkDInEroXHlh2pWsKkXgAW+TA39mmpDN1BlyNuW:tMLS0GHfjErUFQpWoMQA3H1Tyf
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1