99262ab91de9e9ddcab93e1f3f67cf356cbdb11bff959a05a51abbe1562f2366 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PID.Key.Checker.zip
Size

9.8MB
Sample

240818-zjd29swflq
MD5

d9ce6a2a781ad9f9a8af3ba4be5b6a97
SHA1

af930244881612133104d8a717242542c739f44a
SHA256

99262ab91de9e9ddcab93e1f3f67cf356cbdb11bff959a05a51abbe1562f2366
SHA512

d24ec5d172528585a56f9f9fc609bd31b0d5552bf671ea6fb28a29c61caa9c4cbd94415a80cc4417672cf11425b86d15de03e038ddc5fca832cc707e6e152608
SSDEEP

196608:ZurEAMcmPIaPhnCxylwa+0YAmH+BI5/kIhEHR+IfMlUBcf0+DgagAos0apc8:Zur9MIqqtH++9ex7fMlUY0+7tS8

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  PID.Key.Checker.zip
- Size
  
  9.8MB
- MD5
  
  d9ce6a2a781ad9f9a8af3ba4be5b6a97
- SHA1
  
  af930244881612133104d8a717242542c739f44a
- SHA256
  
  99262ab91de9e9ddcab93e1f3f67cf356cbdb11bff959a05a51abbe1562f2366
- SHA512
  
  d24ec5d172528585a56f9f9fc609bd31b0d5552bf671ea6fb28a29c61caa9c4cbd94415a80cc4417672cf11425b86d15de03e038ddc5fca832cc707e6e152608
- SSDEEP
  
  196608:ZurEAMcmPIaPhnCxylwa+0YAmH+BI5/kIhEHR+IfMlUBcf0+DgagAos0apc8:Zur9MIqqtH++9ex7fMlUY0+7tS8
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2 behavioral3
- Target
  
  PID Key Checker/AutomaticUpdater.dll
- Size
  
  82KB
- MD5
  
  2863fe94130e9c2e83198f64d328bb9e
- SHA1
  
  5f6427275fb25459ab877182f1d2dd82b6423f11
- SHA256
  
  80e08b87c32e5d4090fc3b08657d98f5aaac4c60b275adcc69b026829ccf3b1b
- SHA512
  
  ef38b2398ca062ea81859aafc5ce752560752627ad76e412b8659f18c0630b15aa03f8824b63a9fb4cdcd74dff5eaee24ea9af26c7401bca5619656ded2e371d
- SSDEEP
  
  1536:Pw8kFf++WXqyuUtSzgH0AIryrsfSv8yfe+gOVrFc9cui0o8CO0O:Pgf+rXUUtSzLVpyfe+ggFc9cui0osT
Score

1^/10
behavioral4 behavioral5 behavioral6
- Target
  
  PID Key Checker/PID Key Checker.exe
- Size
  
  9.7MB
- MD5
  
  cfae82ef8329044b196c682444c2060e
- SHA1
  
  e7bdd49030e7a6b8efef1a4201e95f2a385a06f6
- SHA256
  
  22fc1ce3806264ff01abc40e818a70bc467027b9dea29422a362d15e48e108bd
- SHA512
  
  783ae2588d9a557be59eabe4107e0fdd7c97f3173f3e11bb4ade53c19e16d8497a71599492408849a5eeb7a56278f3d50a3417971c8d1b388fc550731aa30037
- SSDEEP
  
  98304:z2xA9DMbJcioxcKK2SewFiYCJc7vfmIAh19DMbJcioxcKK2SewFiYCJc7vfmIqNn:ytAAqMsiD6Gu
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral7 behavioral8 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9