General

  • Target

    e8db98ec681b399cf47556bb28e154cd093114f3df3178c70183cbd3b22d167f

  • Size

    1.9MB

  • Sample

    210504-9gyddaepwe

  • MD5

    86fe1d2791c1a1622498f8bb66afcf03

  • SHA1

    470e6a648d8f04555989d5343c5c96e98f8cad21

  • SHA256

    e8db98ec681b399cf47556bb28e154cd093114f3df3178c70183cbd3b22d167f

  • SHA512

    181179f741973ce7cdfbe1332c4008a6640b014722a27a4ee1babac22c9220d0a636436019ddad68408416dab9bc04e74ee5ef5551b76b9d148f159fb50b8b79

Score
8/10

Malware Config

Targets

    • Target

      e8db98ec681b399cf47556bb28e154cd093114f3df3178c70183cbd3b22d167f

    Score
    8/10
    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with macros.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks