General

  • Target

    7fa6b29f1b65874d1485afc400d2ef25de0cc5de1241a24447966a0adb6d6127

  • Size

    5.3MB

  • Sample

    210504-jk1c54p4le

  • MD5

    df37d36af58d9469c2f5d547b6876df4

  • SHA1

    3b64b5e903abd84bcc7a8dc8f38759144ae44cab

  • SHA256

    7fa6b29f1b65874d1485afc400d2ef25de0cc5de1241a24447966a0adb6d6127

  • SHA512

    e887c3e37d7560cec392699d0da904ffb5326324c5365e4ac958fa1486fae74799e372095ff0be66bcb138ee32da965f10b1891f43e10894e9aab17d65477a52

Score
8/10

Targets

    • Target

      7fa6b29f1b65874d1485afc400d2ef25de0cc5de1241a24447966a0adb6d6127

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with macros.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application
