General

  • Target

    f8cac500e5779aa213daf1193ff2833dcdef1c4536a07bf3dd6e343ccc6c92f4

  • Size

    2.0MB

  • Sample

    210505-np1479dst2

  • MD5

    90b72ddd3562fb66d36cb17a991755d8

  • SHA1

    17c8754dadadf4fafc4925e64afe33077ea0375d

  • SHA256

    f8cac500e5779aa213daf1193ff2833dcdef1c4536a07bf3dd6e343ccc6c92f4

  • SHA512

    58eedf5b30520ba9b5e0a471bca99eef4b130add8cd0cfdbc22743f77d9d661761c34e19c9e46bbb3c4dc62a275874a5d3ce26f9f6c9464ecd87a48ab19182d8

Score
8/10

Targets

    • Target

      f8cac500e5779aa213daf1193ff2833dcdef1c4536a07bf3dd6e343ccc6c92f4

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with macros.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application
