0c10769b277cf217dae2877ecd476e70413907f4eb7a70de55c2fba4edc947ea | Triage

Sharing

General

Target

XLN_KeyGen.exe
Size

800KB
Sample

241120-dlrv9azfjr
MD5

952d893926df7a8d5879f2ffeb96e96e
SHA1

2a2f3faa2c7670a52e27b838c81737e6c9b4f965
SHA256

0c10769b277cf217dae2877ecd476e70413907f4eb7a70de55c2fba4edc947ea
SHA512

4e456fdfac6ea38d0746b2a516c04fd797f75def9dfe3b2fd7a2c1f934f14f1f644e61809d660c542ffbce9e2198651a8376f5c92a2afe5455e286e051a34a56
SSDEEP

24576:UcLjNw85Iyerj0xe41VExk6DVPiFeoMkPr4Q:UAemLEj0xeuqifPr4Q

Score

7^/10

discovery phishing

Malware Config

Targets

- Target
  
  XLN_KeyGen.exe
- Size
  
  800KB
- MD5
  
  952d893926df7a8d5879f2ffeb96e96e
- SHA1
  
  2a2f3faa2c7670a52e27b838c81737e6c9b4f965
- SHA256
  
  0c10769b277cf217dae2877ecd476e70413907f4eb7a70de55c2fba4edc947ea
- SHA512
  
  4e456fdfac6ea38d0746b2a516c04fd797f75def9dfe3b2fd7a2c1f934f14f1f644e61809d660c542ffbce9e2198651a8376f5c92a2afe5455e286e051a34a56
- SSDEEP
  
  24576:UcLjNw85Iyerj0xe41VExk6DVPiFeoMkPr4Q:UAemLEj0xeuqifPr4Q
Score

7^/10

discovery phishing
- A potential corporate email address has been identified in the URL: currency-file@1
  phishing
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  $TEMP/BASSMOD.dll
- Size
  
  33KB
- MD5
  
  e4ec57e8508c5c4040383ebe6d367928
- SHA1
  
  b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06
- SHA256
  
  8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f
- SHA512
  
  77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822
- SSDEEP
  
  768:qQmS5iUgi5czW+DlrQOS1DeDdjgNtbX4O6DHix84H0:qQz5Tgof+DdpS1+djctLSHiZ0
Score

3^/10

discovery
behavioral2
- Target
  
  $TEMP/R2RXLNKG.dll
- Size
  
  6KB
- MD5
  
  edc9d719c3bdb5702e28abf9df8359b6
- SHA1
  
  d433026c1a8c51552d1ad657a8fccf81cc73ac76
- SHA256
  
  76d9ffeeb89773c56d58fd8935c2d310aacdae3b590f3cc7aa24ed267339a735
- SHA512
  
  a7f866c2bce0e73d893bc07d5a298f5905ea3cddd11e111e5c1195959a9e5f2a0607670b6506860cadd1fa88eef05bf23063128c0d806184ec35d9daa0327197
- SSDEEP
  
  96:MuPsNE+ByIO4EOkkIrZjr1LTReB55H7bl01tzDAQ2bJJ:M39BLEOqjr9TGD2TDAQ2
Score

3^/10

discovery
behavioral3
- Target
  
  $TEMP/keygen.exe
- Size
  
  443KB
- MD5
  
  2cf51f0737ff7c3b804f5c9646b627c7
- SHA1
  
  d37ec75aca03b01e7f79d760a9ba02ec2b03eff4
- SHA256
  
  5c9509349f39b2fcade22eb219126d45831920fcb4f319191f2f4a9e7643371a
- SHA512
  
  ebd931371967f129aa2dd2051c89fd15d6f615a55edfb5f25dc7d518254c8b9625fec9f35e76f72e532337aeefd89bd5ff713df85a6904c483d37f41a133aad7
- SSDEEP
  
  6144:bcmzikEPDonRgNgz1+hw6hNgPfHv9PAimIAOYyFGn4eg6QKxE1aal/i:bc/kEPDonR6Y436vRjFGnJEFi
Score

3^/10

discovery
behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryphishing

behavioral2

behavioral3

behavioral4