Overview

overview

8

Static

static

faf45da59f...56.exe

windows7_x64

8

faf45da59f...56.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    faf45da59f913c73fb3ca359c304ec54894ecd37d87a87e8c138cfeff10a2d56

  • Size

    972KB

  • Sample

    210511-n2cqsy3nas

  • MD5

    f99927aaee8ad779afa33e44c8335b9e

  • SHA1

    8c6a611f61e5b6656660e75b7596b095cf479912

  • SHA256

    faf45da59f913c73fb3ca359c304ec54894ecd37d87a87e8c138cfeff10a2d56

  • SHA512

    0e3158418090362cb36b74aa2cfe5d0e0dc70ea89fa067c1339db0720a4361cc21c26dcb43a3a25dc1d6ab2d118146fa94078eb566c5808dc76d1a260c58bd24

Score
8/10
macropersistence

Malware Config

Targets

    • Target

      faf45da59f913c73fb3ca359c304ec54894ecd37d87a87e8c138cfeff10a2d56

    • Size

      972KB

    • MD5

      f99927aaee8ad779afa33e44c8335b9e

    • SHA1

      8c6a611f61e5b6656660e75b7596b095cf479912

    • SHA256

      faf45da59f913c73fb3ca359c304ec54894ecd37d87a87e8c138cfeff10a2d56

    • SHA512

      0e3158418090362cb36b74aa2cfe5d0e0dc70ea89fa067c1339db0720a4361cc21c26dcb43a3a25dc1d6ab2d118146fa94078eb566c5808dc76d1a260c58bd24

    Score
    8/10
    macropersistence

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with macros.

      macro

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks