General
Target: 70f758a17090a074e26662dee56282d991ce55a6.exe
Size: 45KB
Sample: 241113-yxnyys1rfj
MD5: 0ffb0e04f66e70f0cd320df2db61999e
SHA1: 70f758a17090a074e26662dee56282d991ce55a6
SHA256: 9677f7bc0da5cb2654fb6cc9e0ac3c65208c69cc1d4e7aa7707a30133d058621
SHA512: c287b991970602307b7ebba6d95acc5b02e0d753565a5c1b4622bd94161912e891ec2896f964bf7f350f72f6ed5eeaa41f9116e63c9cfeea61d40067ed9f79a1
SSDEEP: 768:FeVp2VD9ncfBhrcXnbvOpXBrWB2pRULQe9SOf4hYB6S5GPvr/Sw:FeVYD96GvOpXBrHGse9QhYoqGPz/Sw
Static task: static1
Behavioral task: behavioral1
Sample: 70f758a17090a074e26662dee56282d991ce55a6.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 70f758a17090a074e26662dee56282d991ce55a6.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 70f758a17090a074e26662dee56282d991ce55a6.exe
Score: 8/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)