48a3558f5c4f4125d7ce5ef8c71239c674123ac0147b6c202a92977493b0c5b5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

7.4MB
Sample

240925-cy53zazcrn
MD5

1fb9195294d3f2c24f8a938c6c8d1628
SHA1

1516b7eb5d4130a2edf157f6f9b90ebdb6405363
SHA256

48a3558f5c4f4125d7ce5ef8c71239c674123ac0147b6c202a92977493b0c5b5
SHA512

e778a67237f2cb36d5a9dbcba468ba7b933012201707f8e32e588ab269e40b81ac551877aba70d199294e22c3679cef6f140afc8bb237e963e3acb8bb9479ccb
SSDEEP

196608:g9jGV2q1BKA1HeT39IigwRTet4Q4G/NsIlyzWXkRMY3o9W+:aGV2Kj1+TtIiFRS1NsIszWXGro8

Score

8^/10

execution persistence pyinstaller

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  7.4MB
- MD5
  
  1fb9195294d3f2c24f8a938c6c8d1628
- SHA1
  
  1516b7eb5d4130a2edf157f6f9b90ebdb6405363
- SHA256
  
  48a3558f5c4f4125d7ce5ef8c71239c674123ac0147b6c202a92977493b0c5b5
- SHA512
  
  e778a67237f2cb36d5a9dbcba468ba7b933012201707f8e32e588ab269e40b81ac551877aba70d199294e22c3679cef6f140afc8bb237e963e3acb8bb9479ccb
- SSDEEP
  
  196608:g9jGV2q1BKA1HeT39IigwRTet4Q4G/NsIlyzWXkRMY3o9W+:aGV2Kj1+TtIiFRS1NsIszWXGro8
Score

8^/10

execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

executionpersistence