Overview

overview

8

Static

static

3

204d12339a...9c.exe

windows7-x64

8

204d12339a...9c.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    204d12339aee656dd74ae793af50b97780da2297716a222ca9d5e5716b1e729c

  • Size

    127KB

  • Sample

    241013-x9vftsyepq

  • MD5

    572c427f4a6204d0c1d16840e3ea6807

  • SHA1

    db81d828a801af0ea640aa186df1a17fb9fe75d7

  • SHA256

    204d12339aee656dd74ae793af50b97780da2297716a222ca9d5e5716b1e729c

  • SHA512

    b9e27e057914e8b5fa2deb370d3e0ea32b51dc306a4e4fcc9cd903841674835d748755a7872129cdcb399f95cfcd5f4848ef7c97b70bba8e1c40cf8e5700f0e8

  • SSDEEP

    3072:Z63Q77Nv63Q77NWTSjPXw23TGB4VasGu3T4ya:IQ7JeQ7Jugvw2Q6asGb

Score
8/10
discoveryevasionexecutionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      204d12339aee656dd74ae793af50b97780da2297716a222ca9d5e5716b1e729c

    • Size

      127KB

    • MD5

      572c427f4a6204d0c1d16840e3ea6807

    • SHA1

      db81d828a801af0ea640aa186df1a17fb9fe75d7

    • SHA256

      204d12339aee656dd74ae793af50b97780da2297716a222ca9d5e5716b1e729c

    • SHA512

      b9e27e057914e8b5fa2deb370d3e0ea32b51dc306a4e4fcc9cd903841674835d748755a7872129cdcb399f95cfcd5f4848ef7c97b70bba8e1c40cf8e5700f0e8

    • SSDEEP

      3072:Z63Q77Nv63Q77NWTSjPXw23TGB4VasGu3T4ya:IQ7JeQ7Jugvw2Q6asGb

    Score
    8/10
    discoveryevasionexecutionpersistenceprivilege_escalation

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks