Overview

overview

8

Static

static

a2f2fcd099...a3.exe

windows7_x64

8

a2f2fcd099...a3.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a2f2fcd0990f64fcf37678c2733fccf1d5db3dd29a38334b810c271bfe437ba3

  • Size

    841KB

  • Sample

    210508-4t45ekz1f2

  • MD5

    e65505f19ce4bffacc98cbfc09128eb3

  • SHA1

    3bdfbbdff18f58f43d3e83827eed276b30ea54c3

  • SHA256

    a2f2fcd0990f64fcf37678c2733fccf1d5db3dd29a38334b810c271bfe437ba3

  • SHA512

    8216dce3f16506192e5264a9f76e23975d9d36a22f8c62644657b30d5d0493f93af43b0ce48ae63b528e8dd0a228efa1ebd4e41f9c0385c635ae69a922b05fc1

Score
8/10
macropersistence

Malware Config

Targets

    • Target

      a2f2fcd0990f64fcf37678c2733fccf1d5db3dd29a38334b810c271bfe437ba3

    • Size

      841KB

    • MD5

      e65505f19ce4bffacc98cbfc09128eb3

    • SHA1

      3bdfbbdff18f58f43d3e83827eed276b30ea54c3

    • SHA256

      a2f2fcd0990f64fcf37678c2733fccf1d5db3dd29a38334b810c271bfe437ba3

    • SHA512

      8216dce3f16506192e5264a9f76e23975d9d36a22f8c62644657b30d5d0493f93af43b0ce48ae63b528e8dd0a228efa1ebd4e41f9c0385c635ae69a922b05fc1

    Score
    8/10
    persistencemacro

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with macros.

      macro

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks