Resubmissions

22-08-2024 18:25

240822-w2nsms1dng 10

22-08-2024 18:12

240822-ws5psstbjn 10

General

  • Target

    dsf32544r3.7z

  • Size

    10.1MB

  • Sample

    240822-ws5psstbjn

  • MD5

    cf7e488dcf9e405e729def95b3dab08f

  • SHA1

    dead5ea86c4909572a1bd98b70b022251c6560c2

  • SHA256

    e5c1774599c40e4a003b4f03c2a8a98ec3f947d117ebc86196b18d53eb2a4e75

  • SHA512

    1fef281468f7aed4146ce69cce355beca490026a80763047052488ce4b7fd0605a4533db44b935db843ea5753f2b92d7f2ac385bf82933301a9f15a821a8a695

  • SSDEEP

    196608:Q6w7J2fCf62evOCUhNoxXoFdKRib+lW8ZGX04tvBZk40g0/td0sV5C2pGH90:Q6dfCNeLUXkYFdKRjlZ3ovxGH0M5C2pZ

Score
10/10

Targets

    • Target

      File.exe

    • Size

      767.0MB

    • MD5

      7f99c1fa551e6cf7571ebb68ce3ccc83

    • SHA1

      8c613cbb870845f5091fd52c8d683adb45f5b807

    • SHA256

      39b8a6b8801ce97feacb776557aa5bf10c91b17ba3020a8125ee6d9a2e92a2e5

    • SHA512

      0e5242560161b825003585426d39be62094630804f0ca81fe87e9be323fb90cff9783a723638633cc39074759fba1b67ad2548339eddcaab1c586820770b386e

    • SSDEEP

      49152:R5QjBYQHlV1zk0nd3g+il+xC6730Pp2NqDIRfxad+5mHuiKd+ZhO3Iu3X09mh:RqjKUTzJndQwxC673FM+fz+83X0A

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
