General

  • Target

    xfer records serum keygen torrent.7z

  • Size

    18.2MB

  • Sample

    241002-refraszelq

  • MD5

    f09c651b93e9f95d179d52e45dcb00ad

  • SHA1

    0cf9c39097c3eb303675de1ed399fda5f2bcdd33

  • SHA256

    df2ad7b22cc43ffdf7fca650fdecd6cafc901ce5e983bdea15d24cba51c71947

  • SHA512

    84fc76d686b43ac982f62a1adca93fb7cab8ecb176aeec5caebe36c66ef37ca9b99839f91dd88b05db6565c6fd09e2e9518e91d0ce9e34be2ee43920879b988a

  • SSDEEP

    393216:PHrjo/u/zPGb+jmBWnJg0ZaDcuxib1N6nDhzX8fJ3Xof4hL81nXPARpA:PHvaurXks60UDdUbLuhot4QhQJXPA/A

Score
7/10

Malware Config

Targets

    • Target

      xfer records serum keygen torrent.exe

    • Size

      931.4MB

    • MD5

      4ed75fe9e829767a53f25779a5f3a31e

    • SHA1

      947eb55f6a633814a233d0ffe7e20aec1aba9241

    • SHA256

      a11f4d9dcb58cd6e184d80e0dc1f7a37c917a9d13526628c577201e12e173b74

    • SHA512

      7fb8d858fa7ff86c4a7556ca2f7feefee131281139243ca7505bd27f465a40478de3dd541941fe8b2238abddbf633957bb1bf629b5d6d4a9923e272c2b7181d5

    • SSDEEP

      393216:HxI7BCib8N86a055K6bPD5l2TSawdHTuq3nhDkdpWxIlH9:R7i10rnTy

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks