General

  • Target

    ebook.exe.org

  • Size

    28.2MB

  • Sample

    211109-ms88jsfab4

  • MD5

    07f79b595254bd60ccec7561e858de35

  • SHA1

    6199b33c52351cdc5d6cd1b61bb9f3602c9eb799

  • SHA256

    dbd9cfa3d9b4e482ee79e7726e95168a5e27bb0482a0e4744a1e1c56d75f1c32

  • SHA512

    6ca0a66adebe69b10e2c79f75441f264e8481d481731ba3bde0ee522f64761558fc74739a1a43b411708d0c6169a92167febd490a0cd96693236de29fc37362b

Targets

    • GoldDragon

      GoldDragon is a second-stage backdoor attributed to Kimsuky.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
