General
Target: System1.0.3.exe
Size: 66.3MB
Sample: 241108-z3m5aasnar
MD5: 457317e2c0c7b3c8e8879b679636ee22
SHA1: 5ab1872ec8b6d3d3e638bf1e8fcd22ac5d097188
SHA256: 0c973f584f9060a1f9b23516831d4eba0f8404ea8d6c697ba3917d06d01a46cc
SHA512: 649eb2d0f6c3d97e996b54c056804b109b04056b2e9d086b88daa137a2269ffd484a1e8ef05c5a4359494416eb2d4f08036c521824a501ae30dc19a15f0cf8d9
SSDEEP: 1572864:hrziNx5qATp+Tx8/zBd5XAsShFgsKtdAWqw19USTE7:Mx5q4p+MNAsS9KtTqe9UUE7
Static task: static1
Behavioral task: behavioral1 (sample System1.0.3.exe, resource win10v2004-20241007-en)
Behavioral task: behavioral2 (sample System1.0.3.exe, resource win10ltsc2021-20241023-en)
Malware Config
Targets
Target: System1.0.3.exe
Size: 66.3MB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Obfuscated cmd.exe command line (typically used to evade detection)
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15
Credential Access (technique: hits)
- Credentials from Password Stores (T1555): 1
  - Credentials from Web Browsers (T1555.003): 1
- Unsecured Credentials (T1552): 1
  - Credentials In Files (T1552.001): 1
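Hunting logic for the behaviours in the signature list above and for the Credential Access techniques in the ATT&CK table, as an added example; this is not code from the sandbox, from the report, or from the sample. It scans constructed Sysmon-style events (plain dicts, oldest first) and tags each one. The event field names, the registry path assumed for the country-code lookup, the Startup folder path, the credential-file names and the command-line obfuscation threshold are all assumptions about how this behaviour shows up in endpoint telemetry, not facts taken from the report.

```python
"""Endpoint hunting heuristics for the behaviours this sandbox report lists.

Added example, not part of the sandbox report or of the sample. Field names,
registry paths and file names are assumptions about how the behaviour would
appear in Sysmon-like telemetry.
"""
import re
from typing import Dict, List, Set

# Assumption: "Checks computer location settings" is a read of the per-user
# geo key that holds the country code configured in Windows settings.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo(\\|$)", re.I)
# Assumption: per-user Startup folder (the all-users variant ends the same way).
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
# Assumption: browser credential stores (T1555.003) and generic secret files
# (T1552.001) that a stealer would read.
BROWSER_CREDS = re.compile(r"\\(Login Data|logins\.json|key4\.db)$", re.I)
CRED_FILES = re.compile(r"\\(\.aws\\credentials|\.git-credentials)$", re.I)
# %VAR:~n,m% substring slicing, used to assemble keywords letter by letter.
ENV_SLICE = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*:~-?\d+(,-?\d+)?%")


def cmd_obfuscation_score(cmdline: str) -> int:
    """Count cmd.exe tricks that defeat plain substring signatures.

    Carets (^) split keywords, %VAR:~n,m% slices letters out of environment
    variables, and an unusual number of double quotes inside tokens hides
    keywords the same way. The threshold used by scan() is a heuristic.
    """
    score = cmdline.count("^")
    score += 3 * len(ENV_SLICE.findall(cmdline))
    quotes = cmdline.count('"')
    if quotes > 6:
        score += quotes // 2
    return score


def scan(events: List[Dict[str, str]]) -> Dict[int, List[str]]:
    """Return {event_index: [behaviour tags]} for the events that match.

    'Executes dropped EXE' and 'Loads dropped DLL' are correlations: a path
    first seen in a file_create event and later executed or loaded.
    """
    dropped: Set[str] = set()
    findings: Dict[int, List[str]] = {}
    for i, ev in enumerate(events):
        hits: List[str] = []
        kind = ev.get("type", "")
        path = ev.get("path", "").lower()
        image = ev.get("image", "").lower()
        cmd = ev.get("cmdline", "")
        if kind == "file_create":
            dropped.add(path)
            if STARTUP_DIR.search(path):
                hits.append("drops_startup_file")
        elif kind == "process_create":
            if image.endswith("\\tasklist.exe"):
                hits.append("enumerates_processes_tasklist")
            if image.endswith("\\cmd.exe") and cmd_obfuscation_score(cmd) >= 4:
                hits.append("obfuscated_cmd_commandline")
            if image.endswith("\\reg.exe") and GEO_KEY.search(cmd):
                hits.append("checks_location_settings")
            if image in dropped and image.endswith(".exe"):
                hits.append("executes_dropped_exe")
        elif kind == "image_load":
            if path in dropped and path.endswith(".dll"):
                hits.append("loads_dropped_dll")
        elif kind == "registry_read":
            if GEO_KEY.search(ev.get("key", "")):
                hits.append("checks_location_settings")
        elif kind == "file_read":
            if BROWSER_CREDS.search(path):
                hits.append("T1555.003_credentials_from_web_browsers")
            if CRED_FILES.search(path):
                hits.append("T1552.001_credentials_in_files")
        if hits:
            findings[i] = hits
    return findings


# Constructed sample telemetry for a single suspect process; not from the run.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Windows\System32\tasklist.exe",
     "cmdline": "tasklist /fo csv"},
    {"type": "process_create", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd /c s^t^a^r^t %APPDATA:~0,1%pdate.exe"},
    {"type": "registry_read",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_create", "path": r"C:\Users\u\AppData\Roaming\Microsoft"
     r"\Windows\Start Menu\Programs\Startup\update.vbs"},
    {"type": "file_create", "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"type": "image_load", "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"type": "file_create", "path": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"type": "process_create", "image": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "cmdline": "svc.exe"},
    {"type": "file_read", "path": r"C:\Users\u\AppData\Local\Google\Chrome"
     r"\User Data\Default\Login Data"},
    {"type": "file_read", "path": r"C:\Users\u\.aws\credentials"},
    {"type": "process_create", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd /c dir"},  # benign control: no carets, no slicing
]

if __name__ == "__main__":
    for idx, tags in scan(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["type"], tags)
```

The drop-then-execute correlation is what separates "Executes dropped EXE" from any process simply starting out of a temp folder, so keep the events ordered by time and scoped to one process tree when applying this to real telemetry; the caret/slice scoring is deliberately cheap and will need tuning against your own baseline of legitimate cmd.exe invocations.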