General

  • Target

    afb1e67808ed7898edc5c26ae38d8b565b53bff12133f955b7bdb46421c1126c

  • Size

    1.1MB

  • Sample

    210504-1nmqjeq7c2

  • MD5

    72a26fa05b969712a0a8d0969703a701

  • SHA1

    b927f496623f006ab393cd735c3b6b45ecc2e584

  • SHA256

    afb1e67808ed7898edc5c26ae38d8b565b53bff12133f955b7bdb46421c1126c

  • SHA512

    18bed2e88fb3ecc723677df23ed2efffa7dce57d3e9b48cf18d2c1ae2898b405cabce95079691b088f30eecc25ca685db4550157b4cbee9a87c17559d11e8e34

Score
8/10

Targets

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with macros.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application
