Overview

overview

8

Static

static

e1e4dd8b00...ab.exe

windows7_x64

8

e1e4dd8b00...ab.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e1e4dd8b0070f16a5a6e831ff85b128fc57e452b07e192655921250fc060e9ab

  • Size

    10.7MB

  • Sample

    210504-2b1s5ztjqj

  • MD5

    cd096364a7358e56a1688637fa8e7da5

  • SHA1

    30e1df1ecfcebdd22cf2f0a574d9caf7ef0f6e86

  • SHA256

    e1e4dd8b0070f16a5a6e831ff85b128fc57e452b07e192655921250fc060e9ab

  • SHA512

    a6fe50f9300518baa4611d831d3947870771022701a6d32a9c4896bd889246e018b5bba8adb6a5e744de3bbd9b6b9a7b1356b68fddea161193344c07fdb5db9a

Score
8/10
macropersistence

Malware Config

Targets

    • Target

      e1e4dd8b0070f16a5a6e831ff85b128fc57e452b07e192655921250fc060e9ab

    • Size

      10.7MB

    • MD5

      cd096364a7358e56a1688637fa8e7da5

    • SHA1

      30e1df1ecfcebdd22cf2f0a574d9caf7ef0f6e86

    • SHA256

      e1e4dd8b0070f16a5a6e831ff85b128fc57e452b07e192655921250fc060e9ab

    • SHA512

      a6fe50f9300518baa4611d831d3947870771022701a6d32a9c4896bd889246e018b5bba8adb6a5e744de3bbd9b6b9a7b1356b68fddea161193344c07fdb5db9a

    Score
    8/10
    macropersistence

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with macros.

      macro

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks