General
-
Target
1b6f709052fc57a3ade3bc9b5ba1f03f784aa321a9b9bfa79d8a05b57bb0b5cc.exe
-
Size
512KB
-
Sample
240711-j5trvaxekq
-
MD5
2ce350ee947edcd74e4c1cc82e33a699
-
SHA1
580342cdda916ae79ca216752f734f68435a95bd
-
SHA256
1b6f709052fc57a3ade3bc9b5ba1f03f784aa321a9b9bfa79d8a05b57bb0b5cc
-
SHA512
53fdebdb4d5ea08a36633a464e614e327e8423b4b77dc4a93e5d9662e16b806cf0b19816ffa3dbd68019a1f3df9f26b923cd3f2a6ab76fb4514296593bef7ea9
-
SSDEEP
12288:m0ODu4jwB9gqHb6plub9f2/h7EzJVK6k4F6nxei9AnUMA9z:ma4jW9lHGpI5fwh7EzJVvCxekb
Static task
static1
Behavioral task
behavioral1
Sample
1b6f709052fc57a3ade3bc9b5ba1f03f784aa321a9b9bfa79d8a05b57bb0b5cc.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
1b6f709052fc57a3ade3bc9b5ba1f03f784aa321a9b9bfa79d8a05b57bb0b5cc.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
1b6f709052fc57a3ade3bc9b5ba1f03f784aa321a9b9bfa79d8a05b57bb0b5cc.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral4
Sample
1b6f709052fc57a3ade3bc9b5ba1f03f784aa321a9b9bfa79d8a05b57bb0b5cc.exe
Resource
win11-20240709-en
Malware Config
Targets
-
-
Target
1b6f709052fc57a3ade3bc9b5ba1f03f784aa321a9b9bfa79d8a05b57bb0b5cc.exe
-
Size
512KB
-
MD5
2ce350ee947edcd74e4c1cc82e33a699
-
SHA1
580342cdda916ae79ca216752f734f68435a95bd
-
SHA256
1b6f709052fc57a3ade3bc9b5ba1f03f784aa321a9b9bfa79d8a05b57bb0b5cc
-
SHA512
53fdebdb4d5ea08a36633a464e614e327e8423b4b77dc4a93e5d9662e16b806cf0b19816ffa3dbd68019a1f3df9f26b923cd3f2a6ab76fb4514296593bef7ea9
-
SSDEEP
12288:m0ODu4jwB9gqHb6plub9f2/h7EzJVK6k4F6nxei9AnUMA9z:ma4jW9lHGpI5fwh7EzJVvCxekb
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1