General

  • Target

    Crocodile H New Vs 65.exe

  • Size

    8.1MB

  • Sample

    241011-y5577ssblc

  • MD5

    036c7fa8e5c2fd6fd96940cb00681cc4

  • SHA1

    2ba284973a9156e08c4269ba4836a3464c7d890f

  • SHA256

    8123553007e58a54ee4993af776c4db44aadc7ffe69236200a458f95829afed4

  • SHA512

    264dd6924c51e8ea9cf08cb4ac60a5512b9053a95b73a80beeb8efe5bbadb4535d329ca0d0ea57eebb55b62801c07f8d30a79437e46b7a9007e3916232201e93

  • SSDEEP

    196608:qS11aazz+XwPi5MIH/TStWGH/TStWu/1Y2S1lW:qS11aOwHnGHnu/S2wE

Malware Config

Targets

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks