General

  • Target

    Loader.rar

  • Size

    3.8MB

  • Sample

    240701-qatxpashpf

  • MD5

    5e3a0bd1b8b4f6fc78799640a591854c

  • SHA1

    3cb646c96028a95baaf9544ca118d38edf8142e2

  • SHA256

    d53ec75650708643ffa5b731782adfd3e3cf910142510e290dd6c8e6ca403001

  • SHA512

    8e43b5f4769db9ea0069ae591282ebcd89d5229e210f3374c5fa9e6cd507fb4939f89873efb7c31be021b365e9a4a39f6131583e72eab751bfe64005d3ce7719

  • SSDEEP

    98304:++Vnp8HuN4umIeUr8A6dIoYzMl+/lHOlmvLYdZEyE:fpeulevALXZlI8GZEyE

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • ps1.dropper

    https://rentry.org/lem61111111111/raw

Targets

    Score
    10/10
    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks