b8e8fcd1a357dd2810fbc8d0d33f956a61f922ac99cebd251cd049245b1efe56 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

codeXD.exe

windows10-ltsc 2021-x64

8

Sharing

General

Target

codeXD.exe
Size

4.2MB
Sample

241229-v6pp3avnaz
MD5

c4d688c317c230ed80083b528290628a
SHA1

f31d5c315d60891fe0e31961dd8426df52c81720
SHA256

b8e8fcd1a357dd2810fbc8d0d33f956a61f922ac99cebd251cd049245b1efe56
SHA512

a24b5444bb5a06cc99c24a48f77c2fee50b3ea619e7cf0e69f363d907b84c2cb55f8d6e0e8090ca241efb2870c0c747f7c01ab18cea9295a9a14d4b3c4d99dd8
SSDEEP

98304:CEbiEkJL7F31bTfXC6K17PJ5fSq7U6+1HUTNU8zsQok4+Hrz:JkJtFHfW5PJ5Z7U6eUTNDdnLz

Score

8^/10

microsoft defense_evasion discovery execution motw phishing spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

codeXD.exe

Resource

win10ltsc2021-20241211-en

microsoft defense_evasion discovery execution motw phishing spyware stealer

windows10-ltsc 2021-x64

28 signatures

900 seconds

Malware Config

Targets

- Target
  
  codeXD.exe
- Size
  
  4.2MB
- MD5
  
  c4d688c317c230ed80083b528290628a
- SHA1
  
  f31d5c315d60891fe0e31961dd8426df52c81720
- SHA256
  
  b8e8fcd1a357dd2810fbc8d0d33f956a61f922ac99cebd251cd049245b1efe56
- SHA512
  
  a24b5444bb5a06cc99c24a48f77c2fee50b3ea619e7cf0e69f363d907b84c2cb55f8d6e0e8090ca241efb2870c0c747f7c01ab18cea9295a9a14d4b3c4d99dd8
- SSDEEP
  
  98304:CEbiEkJL7F31bTfXC6K17PJ5fSq7U6+1HUTNU8zsQok4+Hrz:JkJtFHfW5PJ5Z7U6eUTNDdnLz
Score

8^/10

microsoft defense_evasion discovery execution motw phishing spyware stealer
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- A potential corporate email address has been identified in the URL: Lorawght@600
  phishing
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Detected potential entity reuse from brand MICROSOFT.
  phishing microsoft
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

microsoftdefense_evasiondiscoveryexecutionmotwphishingspywarestealer

© 2018-2025

Terms | Privacy