50a84a2dd1d813612773f1f60aa8718f594c6938e8e9982e065e4413672def25 | Triage

Resubmissions

04-10-2024 13:23

241004-qmrm4azgrc 10

04-10-2024 13:12

241004-qfzp5awbmk 10

Sharing

General

Target

xfer records serum keygen torrent.7z
Size

18.3MB
Sample

241004-qfzp5awbmk
MD5

0c904c2e119f0a241ec083f359a5138a
SHA1

60f0ccae20b77b532761a7750e75b0a92bc46460
SHA256

50a84a2dd1d813612773f1f60aa8718f594c6938e8e9982e065e4413672def25
SHA512

7d64cd91a60d7d0bbfa49d2b6f2b1f6a06a8987b2856eaeebd1a9a4318f85f155deec7c6d1895aba083ec4c465175e1260f8fb79f9750a8ec57952e1d5cdb999
SSDEEP

393216:HHfofA5uzq8LvpS1EX5uCDdz5wuK8nNArsgmMSRdq6RcCwFn:HHfofA5uhsOJuCDTKWArspqMwFn

Score

10^/10

discovery evasion

Malware Config

Targets

- Target
  
  xfer records serum keygen torrent.exe
- Size
  
  812.6MB
- MD5
  
  76b063d4e93b1a531aa8229fcd040fdc
- SHA1
  
  455dca4bca7bba9a58fe3da8a2009ffbfea9d564
- SHA256
  
  947044214ba2361dd254cc28914c493c503c8adf2168e49ac3d2a4c456e7ec1f
- SHA512
  
  677b60a35fc3d20473e7800bd7dd34916cea1400e6c6a04256eba12ac27bc2049e39c635bc835d12f866e9594188f262996bde6c9fe533131d5f1d0974f868ac
- SSDEEP
  
  393216:SjSaYvGcXONtlftAzaSPekmWfYErCqbNlHqu0mnCNlCKbxd/9e5L/Ua:SuNu9DlftudGju5nqnJAz
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion

behavioral3

discoveryevasion