General
Target: d400cb359e54fd6f84a931b7b7895b422be50691a4bc011bf88a8e8a00b8e8b8
Size: 13.8MB
Sample: 241021-tm1sjsyeja
MD5: 6228d5ca4d945624841478fa0df03501
SHA1: ae3adbf6373b22345a2586309de31a5f72eeb25d
SHA256: d400cb359e54fd6f84a931b7b7895b422be50691a4bc011bf88a8e8a00b8e8b8
SHA512: aa7b41b348c2a7b192ccf28e6ebf7d0e28f5130ec547ecc8093c914129c132fcfdaa20279860f369ea1b4da83ec7603d96a02424348a03ef0a9b4288c861f983
SSDEEP: 393216:bZvRrDjtLKkOa8ps6puAktIzwf+6pJTRGSUa+arvSPE:BRrDjt2kOa87QRa+SaaE
Static task: static1
Behavioral task: behavioral1
  Sample: d400cb359e54fd6f84a931b7b7895b422be50691a4bc011bf88a8e8a00b8e8b8.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: d400cb359e54fd6f84a931b7b7895b422be50691a4bc011bf88a8e8a00b8e8b8.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: d400cb359e54fd6f84a931b7b7895b422be50691a4bc011bf88a8e8a00b8e8b8
Size: 13.8MB
MD5: 6228d5ca4d945624841478fa0df03501
SHA1: ae3adbf6373b22345a2586309de31a5f72eeb25d
SHA256: d400cb359e54fd6f84a931b7b7895b422be50691a4bc011bf88a8e8a00b8e8b8
SHA512: aa7b41b348c2a7b192ccf28e6ebf7d0e28f5130ec547ecc8093c914129c132fcfdaa20279860f369ea1b4da83ec7603d96a02424348a03ef0a9b4288c861f983
SSDEEP: 393216:bZvRrDjtLKkOa8ps6puAktIzwf+6pJTRGSUa+arvSPE:BRrDjt2kOa87QRa+SaaE
Score: 8/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Enumerates the Uninstall key entries in the registry to list the software installed on the system.
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Modify Registry (3)
  Subvert Trust Controls (1)
    Install Root Certificate (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)
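The signatures and ATT&CK rows above are the sandbox's labels for registry activity; when triaging the same behaviour on a host you want the concrete keys behind them and to know which of them your sensors can actually see. The Python below is an added example, not the sandbox's own signature logic and not code from the sample: it maps registry API calls from an API trace to the report's signature names (plus the Install Root Certificate technique from the ATT&CK table) and marks which findings a write-only registry sensor could have produced. The key paths are an assumption about what such signatures are keyed on (the report does not list them), and the trace is constructed, not captured from this sample.

```python
"""Map registry API calls from an API trace to the behaviour signatures in
this report. Added example; the key paths are assumed, the trace is constructed."""
import re
from collections import defaultdict

# Signature name -> (qualifying APIs, key-path regex, value-name regex or None).
# Keys are matched after normalisation to HKLM\... / HKCU\... form.
SIGNATURES = {
    "Checks computer location settings": (
        {"RegQueryValueExW", "RegQueryValueExA", "RegGetValueW"},
        r"^HKCU\\Control Panel\\International\\Geo$",
        r"^Nation$",                       # GEOID returned by GetUserGeoID()
    ),
    "Checks installed software on the system": (
        {"RegEnumKeyExW", "RegEnumKeyExA", "RegOpenKeyExW", "RegOpenKeyExA"},
        r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
        None,
    ),
    "Checks system information in the registry": (
        {"RegQueryValueExW", "RegQueryValueExA", "RegGetValueW"},
        r"^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SystemInformation$",
        r"^(SystemManufacturer|SystemProductName|BIOSVersion)$",  # VM vendor strings
    ),
    "Adds Run key to start application": (
        {"RegSetValueExW", "RegSetValueExA"},
        r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$",
        None,
    ),
    "Install Root Certificate": (
        {"RegSetValueExW", "RegSetValueExA"},
        r"\\Microsoft\\SystemCertificates\\Root\\Certificates\\[0-9A-F]{40}$",
        r"^Blob$",
    ),
}

# APIs that modify the registry; only these produce Sysmon events 12/13/14.
WRITE_APIS = {"RegSetValueExW", "RegSetValueExA", "RegCreateKeyExW",
              "RegCreateKeyExA", "RegDeleteKeyW", "RegDeleteValueW"}

_ROOTS = [
    (r"^(HKEY_LOCAL_MACHINE|\\REGISTRY\\MACHINE)", "HKLM"),
    (r"^(HKEY_CURRENT_USER|HKEY_USERS\\S-1-5-21-[\d-]+|\\REGISTRY\\USER\\S-1-5-21-[\d-]+)", "HKCU"),
]


def normalise_key(path):
    """Collapse hive aliases (Win32 and native \\REGISTRY\\ forms, per-user HKU
    SIDs) and the WOW6432Node redirection so one regex covers both views."""
    for pat, short in _ROOTS:
        path = re.sub(pat, short, path, count=1, flags=re.IGNORECASE)
    path = re.sub(r"\\Wow6432Node(?=\\)", "", path, flags=re.IGNORECASE)
    return path.rstrip("\\")


def classify(trace):
    """trace: iterable of (api, key_path, value_name_or_None).
    Returns {signature: [matching (api, normalised_key, value)]}, fired ones only."""
    hits = defaultdict(list)
    for api, key, value in trace:
        norm = normalise_key(key)
        for name, (apis, key_re, value_re) in SIGNATURES.items():
            if api not in apis or not re.search(key_re, norm, re.IGNORECASE):
                continue
            if value_re is not None and (value is None or not re.match(value_re, value, re.IGNORECASE)):
                continue
            hits[name].append((api, norm, value))
    return dict(hits)


def write_only(findings):
    """Signatures a sensor that records only registry writes could have raised;
    the read-based checks need an API trace or a registry-read ETW provider."""
    return {name for name, ops in findings.items()
            if any(api in WRITE_APIS for api, _, _ in ops)}


# Constructed trace (not from the sample). The thumbprint is a placeholder.
TRACE = [
    ("RegQueryValueExW", r"HKEY_CURRENT_USER\Control Panel\International\Geo", "Nation"),
    ("RegEnumKeyExW", r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", None),
    ("RegQueryValueExW", r"\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation", "SystemManufacturer"),
    ("RegSetValueExW", r"HKEY_USERS\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run", "Updater"),
    ("RegSetValueExW", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates" + "\\" + "0" * 40, "Blob"),
    ("RegQueryValueExW", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Updater"),  # a read, not persistence
]

if __name__ == "__main__":
    found = classify(TRACE)
    for name, ops in found.items():
        print(f"[{'write' if name in write_only(found) else 'read '}] {name}: {ops}")
```

The last trace entry reads the Run key instead of writing it and is deliberately not flagged. write_only() makes the visibility gap explicit: Sysmon records registry key creates/deletes, value sets and renames (events 12, 13 and 14) but never reads, so the geofence, Uninstall enumeration and SystemInformation checks in this report only show up in a sandbox API trace or a registry-read ETW source, while the Run key and root certificate writes are the ones an EDR can be expected to alert on.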