Overview

overview

7

Static

static

3

admin.exe

windows10-2004-x64

7

admin.exe

windows10-ltsc_2021-x64

7

admin.exe

windows11-21h2-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    admin.exe

  • Size

    342KB

  • Sample

    250331-szgprssxhs

  • MD5

    6f57a433dc928532f94273e509e1e165

  • SHA1

    4f9193706a8c0276af4c92b7a86d3c7bb04fd4f0

  • SHA256

    a8cb1f70c6f69f6120c2f4e47b5658cca9a27b3fffdc7cbe1056e6ab93383c81

  • SHA512

    6867c52c74bbbe5dd98895f7923bd1c7d7056bb76efe5fcc49c347a7f7ef7ad517178ded20bcfbb9f6b60be591508bbe27ad6db0fcc61c0cbafafab639e9dbd3

  • SSDEEP

    6144:evHh6j8vEoadosWFRLl0cavPTck2tYI26qIPDpS/Lbg3ZKtPNO:ePJERdoVFYcIT/826qIPDpS/3gktFO

Score
7/10
persistence

Malware Config

Targets

    • Target

      admin.exe

    • Size

      342KB

    • MD5

      6f57a433dc928532f94273e509e1e165

    • SHA1

      4f9193706a8c0276af4c92b7a86d3c7bb04fd4f0

    • SHA256

      a8cb1f70c6f69f6120c2f4e47b5658cca9a27b3fffdc7cbe1056e6ab93383c81

    • SHA512

      6867c52c74bbbe5dd98895f7923bd1c7d7056bb76efe5fcc49c347a7f7ef7ad517178ded20bcfbb9f6b60be591508bbe27ad6db0fcc61c0cbafafab639e9dbd3

    • SSDEEP

      6144:evHh6j8vEoadosWFRLl0cavPTck2tYI26qIPDpS/Lbg3ZKtPNO:ePJERdoVFYcIT/826qIPDpS/3gktFO

    Score
    7/10
    persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks