Overview

overview

8

Static

static

c60a0762b9...0b.exe

windows7_x64

8

c60a0762b9...0b.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c60a0762b935bcd5d251f3eb2ce55cd42a822119f7cc81a66621549dff730b0b

  • Size

    1.5MB

  • Sample

    210511-98ywjmc2zs

  • MD5

    1cca983212e765ec2912e5368d157f86

  • SHA1

    8a119ae0ecaca96e7712391e6907441e03ab1529

  • SHA256

    c60a0762b935bcd5d251f3eb2ce55cd42a822119f7cc81a66621549dff730b0b

  • SHA512

    3385f8e7b05ec8a3398c04d1c82c31148f99da9e043b014aa2087a98b5475e96cce6c92ebf75ea5f50d3a6ce6fc155ea1e28c5372b10870d7cb2ce0d82bc55a4

Score
8/10
macropersistence

Malware Config

Targets

    • Target

      c60a0762b935bcd5d251f3eb2ce55cd42a822119f7cc81a66621549dff730b0b

    • Size

      1.5MB

    • MD5

      1cca983212e765ec2912e5368d157f86

    • SHA1

      8a119ae0ecaca96e7712391e6907441e03ab1529

    • SHA256

      c60a0762b935bcd5d251f3eb2ce55cd42a822119f7cc81a66621549dff730b0b

    • SHA512

      3385f8e7b05ec8a3398c04d1c82c31148f99da9e043b014aa2087a98b5475e96cce6c92ebf75ea5f50d3a6ce6fc155ea1e28c5372b10870d7cb2ce0d82bc55a4

    Score
    8/10
    macropersistence

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with macros.

      macro

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks