90f033f2ffae0ad8a43cefb0e273ed33b54497ba65c19e0173e4cc7e6dec1757

Analysis

max time kernel
17s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 19:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

itubego.exe
Size

3.1MB
MD5

dc849f6c2bc4c70d7d9b6710179bb689
SHA1

da66c75fcc16baf4d3b5ead360e4371e7481ac2c
SHA256

90f033f2ffae0ad8a43cefb0e273ed33b54497ba65c19e0173e4cc7e6dec1757
SHA512

23b17422fc18bab0d19ca8d2f7ac1ec10c9acad73c86b5a1ba0aa129eef5deeafa7f207f80d4e2b603516f21bed598fad5a448e4880ce03e613cc3062e4e2c3a
SSDEEP

98304:c5he7IdCb40s58A9QmAJPZoW3D12oRRYIa2KS+bnjGgH25leG9vEI/V:c5hQmed3RDeGhX/V

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	itubego.exe

C:\Users\Admin\AppData\Local\Temp\itubego.exe
"C:\Users\Admin\AppData\Local\Temp\itubego.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp123_downloader\Cache\f773cd2\config.ini

Filesize
1KB

MD5
ee488744e5340f0fdb03e0b24de44164

SHA1
7dcd6903285c6597cc20c777056c1c74acf70289

SHA256
e0dcf73005874a899c5f38b18b34079543b8b2934ddb2d2fb4b2d701b516d21d

SHA512
ce5e0ade4b79a07b6ac351490bf85527557deff8ff5ba460822c7fe5638501905d6c99b208e3dbfeb2e241d101ee052fe2dd78d2cbd77a688ea82f0eea6c0a37

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp123_downloader\Cache\f773cd2\language\en.ini

Filesize
3KB

MD5
761dcb59fd2bdc0796911ed7e995d4d4

SHA1
e0b0fe46c410d4f9e9e88e54bdb644caddfa7af7

SHA256
f5e520096ec75aa7017c9b2753c64eb7bf27d6b3ce3ae841c811db5bfb966516

SHA512
8311f837af010a5a3d419f2bff4369f80478a03cf47113f50739cc3bc2519930daa12ac84850800e9a37b18c65ca2fd7b35f1b2ce5fc8a406f130b53a58eef21

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp123_downloader\Cache\f773cd2\language\language.ini

Filesize
2KB

MD5
9e1b2b68bd6c0659e369208bf05e0a7e

SHA1
ab719e8bf467aec590c6d0f7b1ce25f9d9432b58

SHA256
54ba6c41e4325fa82d9faee282177b760458f11650a38b307d392142d4dcbf37

SHA512
ef3e12a9857c2351b69408c2608721a9425f7962e9c07fde0a8038dfe6139d849a858273f8aa80499c0752222631c672ac71bd7c3c9a401542c5ba0c9ff01516

Download Submit