General
-
Target
PAP46E1UkZ.exe
-
Size
17.0MB
-
Sample
241112-p81bpawndk
-
MD5
7e7f847852a496950c77e1447db6707f
-
SHA1
d61640d53fc5bb541b21cfe47c73783a742096af
-
SHA256
5016c0cc22b287f5d5e87f0edb0983c1fd3dc186afdb0e65348840dbad164904
-
SHA512
9ac0fb19500dda91c3aab9637dc79066987129605885a5c3c0e89d0919bf0c486f0ad1446119f716395a2a7d37157c33b7027823f072a0e888353b3905036e2c
-
SSDEEP
393216:k9Yibm3W8kyFDfDg6c6Wz19PHE3+d9OUFwN1so:k9YibyW8DFb0VTz1RkOd9p6Ao
Behavioral task
behavioral1
Sample
PAP46E1UkZ.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
PAP46E1UkZ.exe
-
Size
17.0MB
-
MD5
7e7f847852a496950c77e1447db6707f
-
SHA1
d61640d53fc5bb541b21cfe47c73783a742096af
-
SHA256
5016c0cc22b287f5d5e87f0edb0983c1fd3dc186afdb0e65348840dbad164904
-
SHA512
9ac0fb19500dda91c3aab9637dc79066987129605885a5c3c0e89d0919bf0c486f0ad1446119f716395a2a7d37157c33b7027823f072a0e888353b3905036e2c
-
SSDEEP
393216:k9Yibm3W8kyFDfDg6c6Wz19PHE3+d9OUFwN1so:k9YibyW8DFb0VTz1RkOd9p6Ao
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1