Overview

overview

7

Static

static

3

xfer recor...nt.exe

windows10-1703-x64

7

xfer recor...nt.exe

windows7-x64

7

xfer recor...nt.exe

windows10-2004-x64

7

Resubmissions

14-09-2024 09:36

240914-lk9nnsxcqm 10

14-09-2024 09:12

240914-k56l3swfjr 7

14-09-2024 09:01

240914-kywhjawglf 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    xfer records serum keygen torrent.zip

  • Size

    21.8MB

  • Sample

    240914-k56l3swfjr

  • MD5

    809d1ebc7c393720540652218fdd082b

  • SHA1

    a94e26ef632469260216ef723ccc55bd8e6e75c2

  • SHA256

    0bff32f8d8be7319c67a45c16de6df8d964ef0bf0eb1b9006a9bf89fba2a3235

  • SHA512

    4a6d8ce1a026da573b6756b28baeb244f5f780b7100c9f96dc1a3c4475d87a1fe8d68d4284a5128b46429d5eb947d8e5373a658e1b74268b91054fcc9e5da3d0

  • SSDEEP

    393216:rQR28553MpFGpdDajN2lfSUAAaTO8nxsdswmTkGa8+GX3z2Kq6U4DL+0JDY8YI/:rH8/o8QolZAA5tmTkGF+Gz2KqhAi8f

Score
7/10
discovery

Malware Config

Targets

    • Target

      xfer records serum keygen torrent.exe

    • Size

      886.1MB

    • MD5

      c9926b827cc51ab2817a9503846a24d4

    • SHA1

      4d391a5d32407ef6ff671bd4de78b8ca78207632

    • SHA256

      2b29e0e504db868253668194d79bb5690c7f3b1f6a2152b27a5ae74b55322765

    • SHA512

      8a45ccbdd1dc2ea17cd69029c3fc7eae5119b3886786ec00064f379f68501d12db0d5688819462d4bfd5d2783b7b4299711278994026285efe743ee0b55ad590

    • SSDEEP

      393216:crr5w6A2nVU0NL4QMoDZzmw2ob75ffquUauHuMAeqn1DMekrMwi/rgUQdng:crrOpne0XgZrvcuT34pAwZg

    Score
    7/10
    discovery

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks