General

  • Target

    0c74feace818474efb489d084221b3e0bc826923d443e58e92d08b44d6aa6952N

  • Size

    355KB

  • Sample

    241003-xk2tlsvclc

  • MD5

    9708a46048900ad5f5e16fe81515f1c0

  • SHA1

    0103c31e2e31fe2d5c18fae3133c02aa13c05173

  • SHA256

    0c74feace818474efb489d084221b3e0bc826923d443e58e92d08b44d6aa6952

  • SHA512

    34ca4607dc8c42ab0b31003ac7b8df5558bbefe2b7010c8890804acc6283a2487fa667fad3b8197ddbfa0281981266ba2eca8631dd8ea5368ecafd6f7092bba9

  • SSDEEP

    6144:YeC4EwZFoobUk8qp0qpgogZfpjkNY8UKZj:8fhuLwflk7Uej

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Stops running service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.