General
- Target: fd81eb5f702b8c0d8a790bf6cced05f3d2b4ae7e.exe
- Size: 45KB
- Sample: 241113-yxnyysxqbs
- MD5: ba17472a8155ff38b3b6fa9a17f5aa70
- SHA1: fd81eb5f702b8c0d8a790bf6cced05f3d2b4ae7e
- SHA256: ed04bf92f6fdea80a5580a3dc115ab38332ad30418d4611f8942e3f8f18b45fb
- SHA512: 6c2cb93efddb3205700c6406b3345b711c84bb64fe093dddad2cb6b16163cdb8883d8bde3b42cee2b7d82fa394fb6a5b9307252f66aef7b32bd68ae862a885d4
- SSDEEP: 768:fWHoI5XPDHzT8d7tGjOr1IS72G5JBCASbBRUT0h9SGQ889LWrB6SSe7vrQ/HNH:fW5k7tGU1vljSVGAh9189LWroFe7M/HF
Static task: static1

Behavioral task: behavioral1
- Sample: fd81eb5f702b8c0d8a790bf6cced05f3d2b4ae7e.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: fd81eb5f702b8c0d8a790bf6cced05f3d2b4ae7e.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: fd81eb5f702b8c0d8a790bf6cced05f3d2b4ae7e.exe
- Size and hashes: same file as listed under General above
- Score: 8/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1): PowerShell (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)