General

  • Target

    8a5a192bd90e11d69411b772e683121b.zip

  • Size

    2.7MB

  • Sample

    220526-m84yrsegbk

  • MD5

    f89095dc1e701c7b2afb87794f042def

  • SHA1

    89c4c256d7e3d13732cb3c15b3d6272b4fcaa799

  • SHA256

    08c96573ef49ec027f0f9e466e85619d6324c5b62eabfc1f26c0d4ac2d571486

  • SHA512

    22d2c13eb02499a9647bafc77796f84e0dffb31fc013afe4d886f90f3168c542d13be7670bb1ca2d5e428dbe7d3c87797519712eb804ac892b52215225ff92fc

Score
8/10

Malware Config

Targets

    • Target

      cce973b40f864284f2226213f1989c45861d89fd62eb0e311e880f5d017e23b2

    • Size

      276.0MB (the containing archive, 8a5a192bd90e11d69411b772e683121b.zip, is only 2.7MB; a compression ratio near 100:1 means the file is mostly repetitive bytes, which is what a padded executable looks like, padding being a common way to push a sample past AV file-size limits)

    • MD5

      8a5a192bd90e11d69411b772e683121b

    • SHA1

      aa2028f90a3cd0cf04a2ead9a5ec6ff03f95e8e2

    • SHA256

      cce973b40f864284f2226213f1989c45861d89fd62eb0e311e880f5d017e23b2

    • SHA512

      81ec27bc03567466dc1cdfac7ceb7e9f34ee0cbe1bcc4d933009c7237cb3ad027d2bdfc88fcd39e62caa4e480b05254cc5da2c4b9861fc9c3e87f67ed3b0c387

    Score
    8/10
    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry (the user's GeoID under HKCU\Control Panel\International\Geo), likely a geofence.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6; technique (ID) ×number of matching signatures)

Defense Evasion

  • Install Root Certificate (T1130) ×1

    T1130 was retired in ATT&CK v7; in current versions the same behaviour is T1553.004, Subvert Trust Controls: Install Root Certificate.

  • Modify Registry (T1112) ×1

Discovery

  • Query Registry (T1012) ×1

  • System Information Discovery (T1082) ×2
Tasks