Overview

overview

8

Static

static

c9204948d4...83.exe

windows7_x64

8

c9204948d4...83.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c9204948d452b69e00e566beaed04c5bdbd8bbc134524b9f424fa4c10565a783

  • Size

    4.6MB

  • Sample

    210511-tfznpbqcns

  • MD5

    c5a2380e2b447c4ea5023d202870de71

  • SHA1

    ce81fc9e9a42e4b66ff58dbb9ce5b9bc26f087e0

  • SHA256

    c9204948d452b69e00e566beaed04c5bdbd8bbc134524b9f424fa4c10565a783

  • SHA512

    afb9b18beef7e15efef5340132c8764b294cb2c11abf8551c4703132e287e3beae99b12921850dbefb4f3bb6d105bc0ae268da9c981a48f6910000fdbb645d70

Score
8/10
macropersistence

Malware Config

Targets

    • Target

      c9204948d452b69e00e566beaed04c5bdbd8bbc134524b9f424fa4c10565a783

    • Size

      4.6MB

    • MD5

      c5a2380e2b447c4ea5023d202870de71

    • SHA1

      ce81fc9e9a42e4b66ff58dbb9ce5b9bc26f087e0

    • SHA256

      c9204948d452b69e00e566beaed04c5bdbd8bbc134524b9f424fa4c10565a783

    • SHA512

      afb9b18beef7e15efef5340132c8764b294cb2c11abf8551c4703132e287e3beae99b12921850dbefb4f3bb6d105bc0ae268da9c981a48f6910000fdbb645d70

    Score
    8/10
    macropersistence

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with macros.

      macro

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks