General
Target: view
Size: 82KB
Sample: 250117-kxvjvazrbr
MD5: 7a2fd1a40da81f9f74ffbb1d7bffe7c1
SHA1: 6440deaae28b3ecea037059452694b91b6da00d7
SHA256: 93906103521e87ab9ca28c33db4334e75fbbd53d4945a9d69b542c36a48eda62
SHA512: 978c6de88258eb0c0d0186cad6f0b1deb3ee1268d96f428b108392750b759da048bc50712ce5bb5504f6e650f1ffea28962e7f5cac58a6e443b2e3e4aa0fd154
SSDEEP: 1536:lYrk7BDJrHofW8ivICmX9ahOp4MFZLtGp52EzmQ2wtlx:aivIzNaolgkEzrP
Static task: static1
Behavioral task: behavioral1
Sample: view.html
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: view
Score: 8/10

Downloads MZ/PE file

Checks computer location settings
    Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.

Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15

Privilege Escalation
    Boot or Logon Autostart Execution (1)
        Registry Run Keys / Startup Folder (1)

Defense Evasion
    Modify Registry (2)
    Subvert Trust Controls (1)
        Install Root Certificate (1)

Discovery
    Browser Information Discovery (1)
    Network Share Discovery (1)
    Query Registry (4)
    Remote System Discovery (1)
    System Information Discovery (4)
    System Location Discovery (1)
        System Language Discovery (1)
    System Network Configuration Discovery (1)
        Internet Connection Discovery (1)