General
-
Target
Crocodile H New Vs 65.exe
-
Size
8.1MB
-
Sample
241011-y5577ssblc
-
MD5
036c7fa8e5c2fd6fd96940cb00681cc4
-
SHA1
2ba284973a9156e08c4269ba4836a3464c7d890f
-
SHA256
8123553007e58a54ee4993af776c4db44aadc7ffe69236200a458f95829afed4
-
SHA512
264dd6924c51e8ea9cf08cb4ac60a5512b9053a95b73a80beeb8efe5bbadb4535d329ca0d0ea57eebb55b62801c07f8d30a79437e46b7a9007e3916232201e93
-
SSDEEP
196608:qS11aazz+XwPi5MIH/TStWGH/TStWu/1Y2S1lW:qS11aOwHnGHnu/S2wE
Behavioral task
behavioral1
Sample
Crocodile H New Vs 65.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Crocodile H New Vs 65.exe
-
Size
8.1MB
-
MD5
036c7fa8e5c2fd6fd96940cb00681cc4
-
SHA1
2ba284973a9156e08c4269ba4836a3464c7d890f
-
SHA256
8123553007e58a54ee4993af776c4db44aadc7ffe69236200a458f95829afed4
-
SHA512
264dd6924c51e8ea9cf08cb4ac60a5512b9053a95b73a80beeb8efe5bbadb4535d329ca0d0ea57eebb55b62801c07f8d30a79437e46b7a9007e3916232201e93
-
SSDEEP
196608:qS11aazz+XwPi5MIH/TStWGH/TStWu/1Y2S1lW:qS11aOwHnGHnu/S2wE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
2