General

  • Target

    ab3233851d7f29ea66074a9a50a59540N

  • Size

    330KB

  • Sample

    240908-xxd83s1gkl

  • MD5

    ab3233851d7f29ea66074a9a50a59540

  • SHA1

    7d5b8e5c84e0908261afa1f9f47264d2d1820724

  • SHA256

    f18dbf85ce6e20ff9639b55c4f595e76ed93888cf6a87afdad0abd5689f531cb

  • SHA512

    e27242405648634f9c572d8b67e0e62c536cf95b355a2eeecd676abcc0a993fb170d7515c298b9a0dbeed6c16b36ce502bb0d6ca2957c838624ca0385e930006

  • SSDEEP

    6144:YeC4EwZFoobUk8qp0qpgogZfpjkNaXihVP:8fhuLwflkLVP

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks