Overview

overview

8

Static

static

fb9367fc01...78.exe

windows7_x64

8

fb9367fc01...78.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb9367fc01d62c07a617373ecdc5d6e703c91b4455560965fcb253cafab13478

  • Size

    115KB

  • Sample

    220520-3ajsyabeal

  • MD5

    7103f17d8ef1883e893a9a10333feec2

  • SHA1

    46f722fc1af5cba5cf322a8c3af20f58cfce47e9

  • SHA256

    fb9367fc01d62c07a617373ecdc5d6e703c91b4455560965fcb253cafab13478

  • SHA512

    8b177b6128b78756b3a75f22ef4f62d9b5bf189c7e53dc4cc7871dc24bc93a5677f27ac2064e483cb09a55f2b4825148da8499373708046645c425508f5f8fb0

Score
8/10
evasionpersistence

Malware Config

Targets

    • Target

      fb9367fc01d62c07a617373ecdc5d6e703c91b4455560965fcb253cafab13478

    • Size

      115KB

    • MD5

      7103f17d8ef1883e893a9a10333feec2

    • SHA1

      46f722fc1af5cba5cf322a8c3af20f58cfce47e9

    • SHA256

      fb9367fc01d62c07a617373ecdc5d6e703c91b4455560965fcb253cafab13478

    • SHA512

      8b177b6128b78756b3a75f22ef4f62d9b5bf189c7e53dc4cc7871dc24bc93a5677f27ac2064e483cb09a55f2b4825148da8499373708046645c425508f5f8fb0

    Score
    8/10
    evasionpersistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks