General

  • Target

    91f9acd35e7aa12fbc2c798f040de0cdf7f08cf4c8455057fc4022d54a7e349e

  • Size

    4.5MB

  • Sample

    210509-eg4twlezmn

  • MD5

    9bd2de317571c7abfee83be055a9a341

  • SHA1

    7e9282b7898b1ad3422873fc2cd5070c328257fd

  • SHA256

    91f9acd35e7aa12fbc2c798f040de0cdf7f08cf4c8455057fc4022d54a7e349e

  • SHA512

    472978fc6ad3303d82e75def6acea6240610a377bb9bd481c87d553f914f90e26d9b0056abb6669cf93f5a66f59a0226e4394ebe8f696bde30880c6209df791a

Score
8/10

Targets

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with macros.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application
