eb398cb2d9d727ff94edd6aea84de0d189c534d95455a27d427638a226f6d938 | Triage

Resubmissions

22-10-2024 02:18

241022-crf59sshrk 10

22-10-2024 02:11

241022-cmjetssgjn 7

Sharing

General

Target

Update.exe
Size

52.4MB
Sample

241022-cmjetssgjn
MD5

3dde547165feb16f555c7ef43b5e079f
SHA1

c942d3518b4eeebdfe57e134d1c5f469ef5d4b7d
SHA256

eb398cb2d9d727ff94edd6aea84de0d189c534d95455a27d427638a226f6d938
SHA512

5b5269b5cc8b46791a910212a2a0e5b1e33e64887f63ffb7ee5d6c2d646548d88d2561965b9d85c67c155ad0507d9b705dece9b4d91f6eec3b189b07312c3f12
SSDEEP

1572864:UtQucBzdoArq05SEk1AC4TvA3aRa7ekkA8w8:+UmAW08AC4TvAmsekJ8

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Update.exe
- Size
  
  52.4MB
- MD5
  
  3dde547165feb16f555c7ef43b5e079f
- SHA1
  
  c942d3518b4eeebdfe57e134d1c5f469ef5d4b7d
- SHA256
  
  eb398cb2d9d727ff94edd6aea84de0d189c534d95455a27d427638a226f6d938
- SHA512
  
  5b5269b5cc8b46791a910212a2a0e5b1e33e64887f63ffb7ee5d6c2d646548d88d2561965b9d85c67c155ad0507d9b705dece9b4d91f6eec3b189b07312c3f12
- SSDEEP
  
  1572864:UtQucBzdoArq05SEk1AC4TvA3aRa7ekkA8w8:+UmAW08AC4TvAmsekJ8
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1