General

  • Target

    c995d02e91582a73515e37d63c7eff6b838415646f0ffa1841ce55712f0a04e7

  • Size

    920KB

  • Sample

    210509-lp3twyl3d6

  • MD5

    b029be4945669ea7ad292bf63cea4b59

  • SHA1

    494e33885a3496d619c8d565b94cddc776647a35

  • SHA256

    c995d02e91582a73515e37d63c7eff6b838415646f0ffa1841ce55712f0a04e7

  • SHA512

    ed387aa0113eeae43ea51508aafef34e638054e28bb82477d9d7751adac50c18584b4db640f42134c34302a065fc06902d8e35bbc51ba5ce446346366e854c41

Score
8/10

Targets

    • Target

      c995d02e91582a73515e37d63c7eff6b838415646f0ffa1841ce55712f0a04e7

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with macros.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application
