Overview

overview

10

Static

static

0576409a97...72.exe

windows7_x64

10

0576409a97...72.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0576409a978e936604c09649b2db4466428903f346e1cece4cbbda244b3db672

  • Size

    2.5MB

  • Sample

    220527-we1tpabagp

  • MD5

    40fb983ff0568389f34942bb2aeed39b

  • SHA1

    ec8b95ee374397430b7db55c56bb1e011675e1a1

  • SHA256

    0576409a978e936604c09649b2db4466428903f346e1cece4cbbda244b3db672

  • SHA512

    5aca28dbede74328075964632f7936c947c49eaddd3a727b805a36955bbb8192746d398940b5998af7cebb6b82113d7c82b443e227591b2a7c66f8f1b1d23894

Score
10/10
linkpdfsuricata

Malware Config

Targets

    • Target

      0576409a978e936604c09649b2db4466428903f346e1cece4cbbda244b3db672

    • Size

      2.5MB

    • MD5

      40fb983ff0568389f34942bb2aeed39b

    • SHA1

      ec8b95ee374397430b7db55c56bb1e011675e1a1

    • SHA256

      0576409a978e936604c09649b2db4466428903f346e1cece4cbbda244b3db672

    • SHA512

      5aca28dbede74328075964632f7936c947c49eaddd3a727b805a36955bbb8192746d398940b5998af7cebb6b82113d7c82b443e227591b2a7c66f8f1b1d23894

    Score
    10/10
    suricatalinkpdf

    • suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File

      suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File

      suricata

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks