General

  • Target: infected.zip
  • Size: 20.0MB
  • Sample: 220210-1wcweahda2
  • MD5: 593428f715383c9b2a742ca9fec1df6b
  • SHA1: f38ffb5dcc7032504cad27ec805262ef2c5c6926
  • SHA256: 1485ef0c179d60a8a62731bcfaf6e14e519becf479300223cca3be415d723e1d
  • SHA512: 328af3096d97f52e8302e3ffc3fef626f6023c8c84ece4e6cd3a1af723a2ae257abd6b14bb424abb7a439c8be02f188ad4ab7f4496b57c4938e8a6d6a7a31174

Score: 8/10

Malware Config

Targets

    • Target: 1.exe
    • Size: 19.4MB
    • MD5: 6a58b52b184715583cda792b56a0a1ed
    • SHA1: 3477a173e2c1005a81d042802ab0f22cc12a4d55
    • SHA256: d0c1662ce239e4d288048c0e3324ec52962f6ddda77da0cb7af9c1d9c2f1e2eb
    • SHA512: 49ee746a98bce076cd20a36d57d08ed0dc39d48a0a2866173d4c0dbb1633e2ec8e069f4dbba578e707c8dd1de1fcc908cf412e4a9fff9ecc78ac92357e75c313

    Score: 8/10
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: speco_plugin.exe
    • Size: 1.1MB
    • MD5: 53e4b14faf1e046d09c36b918442b06a
    • SHA1: 79bd631bf2f369af6139af3b67a815d62bbbabb9
    • SHA256: 5f88f1f8fb79311e568d194eee42c817d2883ebaa6d1afbccb1a9b2d4de7b5c8
    • SHA512: b6698dcf9a2db51d4c28d1f65ec7f432c3b4b6a5b14e82af08d5c4d84aa568d38f25cde3de2438db22e9615633abec3a83ad06b73ecbf190134e39660b259c15

    Score: 8/10
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: system.exe
    • Size: 171KB
    • MD5: 223b16194882202508eb561542596b24
    • SHA1: b166b6c9b8e92563314d3d7e360b887bab48e8b4
    • SHA256: 918bdb78e8219893c11138fb33e7542c76991a23cc34098d7f7d608810e6d3b7
    • SHA512: 82845a126588238f02ea8767c484d0abf47080bae35fe7373eecb94e84b8b171fc47358684879735d81e2d7b45eafad39d27385e6ae32986ec55b16d9c42e2c9

    Score: 7/10
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks