General

  • Target

    652a6e69_by_Libranalysis

  • Size

    1.8MB

  • Sample

    210505-yhpegksvn2

  • MD5

    652a6e69205df15fae935c63048e6001

  • SHA1

    91e9ec0354e2befa362054a85298009e7d7985ca

  • SHA256

    0fbdb66d81f97c74640af563b58b4d93872ed48a0397754b5c51a5c76d32900c

  • SHA512

    b1273de9ea3329a2f9ba506c929a7cc264f90b102f8c57b06d4e414230272e54b0ed4e225c2a0ae7ae5e931c761164efc2fa68ddf11428b9e5bb7e67e33f7717

Score
8/10

Targets

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with macros.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application
