c8f3a93567b321f2c1eb3ef0bdd32fd0e2e47687a84519bb710587dec34161bf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

winzip28-p003.exe
Size

2.8MB
Sample

240724-at8xysxdrk
MD5

4dc14456b4b6e43eebbcd5c397f5dc38
SHA1

c138810ed1da1098b901643ebe9b75dd519f1b41
SHA256

c8f3a93567b321f2c1eb3ef0bdd32fd0e2e47687a84519bb710587dec34161bf
SHA512

106bffe84d43d2deb7e7aab59fc3df12ddf0c81dea10fea1a1467b2e238caf17b60262087d62f727b63c8d56b4f89fafc4c463c391a8db316719271ab0ca9579
SSDEEP

49152:c9vgPi4Lp+1+zV9c9S7J5/iR7B/3blLYSNVMaxY3Y9fkHu+bHqEg:CbCpEYV9uSF5/mt/Ll5xY3gkHu+bHjg

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  winzip28-p003.exe
- Size
  
  2.8MB
- MD5
  
  4dc14456b4b6e43eebbcd5c397f5dc38
- SHA1
  
  c138810ed1da1098b901643ebe9b75dd519f1b41
- SHA256
  
  c8f3a93567b321f2c1eb3ef0bdd32fd0e2e47687a84519bb710587dec34161bf
- SHA512
  
  106bffe84d43d2deb7e7aab59fc3df12ddf0c81dea10fea1a1467b2e238caf17b60262087d62f727b63c8d56b4f89fafc4c463c391a8db316719271ab0ca9579
- SSDEEP
  
  49152:c9vgPi4Lp+1+zV9c9S7J5/iR7B/3blLYSNVMaxY3Y9fkHu+bHqEg:CbCpEYV9uSF5/mt/Ll5xY3gkHu+bHjg
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2