General

  • Target

    b01e71436ccb703fbf02bf0e171f77ac.exe

  • Size

    780KB

  • Sample

    220507-xsl35acha3

  • MD5

    b01e71436ccb703fbf02bf0e171f77ac

  • SHA1

    9acda7d69832cbfc66881302b5ab2691ad342c78

  • SHA256

    b9e8d2ae255a3b585cd17cbfad39037f0bb9a7691b4977e08d248841017b1b2c

  • SHA512

    a69c3969a2a62625604d1bdb1a8fe1e5d69100836d604c32e463b54854d7c60fd6c451246880ac6c84213955bba0bce6123882c16edc3d10ef8b89e5b13f464c

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE DCRAT Activity (GET)

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (1) T1053

  • Persistence: Scheduled Task (1) T1053

  • Privilege Escalation: Scheduled Task (1) T1053

  • Discovery: Query Registry (1) T1012; System Information Discovery (2) T1082

Tasks