36d8428d1e2f8116f288aed6a3466144d81c8a922cb589416ec3fae9a533f1ea | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Windscribe_2.10.16.exe
Size

24.6MB
Sample

240727-rwallsxamh
MD5

a586ee9407d50f3f26b0c65b967a2a77
SHA1

c2977fc7d039c0eda6c816477415a257e85037ca
SHA256

36d8428d1e2f8116f288aed6a3466144d81c8a922cb589416ec3fae9a533f1ea
SHA512

146bec0b9a0b0d8ab94b76c322e5e0e80131c276d6b53199e9413347bed11fd5b12d6622717f0f8497a0aab0cba428f393ffa93203e98f7527a4801baf7f8fd6
SSDEEP

393216:SntmQlURIlyJLsE/sYj0bKFGvzlfgwgJnOF3e+dLTnJ5oqR7hu9dmUKXzn:SthwIlasS4eFuzlTgJOA6V5jFu9d+

Score

7^/10

Malware Config

Targets

- Target
  
  Windscribe_2.10.16.exe
- Size
  
  24.6MB
- MD5
  
  a586ee9407d50f3f26b0c65b967a2a77
- SHA1
  
  c2977fc7d039c0eda6c816477415a257e85037ca
- SHA256
  
  36d8428d1e2f8116f288aed6a3466144d81c8a922cb589416ec3fae9a533f1ea
- SHA512
  
  146bec0b9a0b0d8ab94b76c322e5e0e80131c276d6b53199e9413347bed11fd5b12d6622717f0f8497a0aab0cba428f393ffa93203e98f7527a4801baf7f8fd6
- SSDEEP
  
  393216:SntmQlURIlyJLsE/sYj0bKFGvzlfgwgJnOF3e+dLTnJ5oqR7hu9dmUKXzn:SthwIlasS4eFuzlTgJOA6V5jFu9d+
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2