Overview

overview

10

Static

static

0ed015da8e...76.exe

windows7_x64

10

0ed015da8e...76.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0ed015da8ed67abfc890ba016803bab62273f06be5454a0dc9c2d7a0a5ba3176

  • Size

    1.6MB

  • Sample

    220604-v97eaahce9

  • MD5

    45e68e5bc35e6b0ac6b49dc0fd7717b4

  • SHA1

    4c932687c07008e2e1d08cae540fd71fde403add

  • SHA256

    0ed015da8ed67abfc890ba016803bab62273f06be5454a0dc9c2d7a0a5ba3176

  • SHA512

    aa1c0651aaa1bd8e3b6073e5feb8338203a5d4e1922ba96240576441c94dbf17ee18b9d8e0d134931a5754b81f76df740766e31dfd49a55df601c88c82732d18

Score
10/10
persistencesuricataupx

Malware Config

Targets

    • Target

      0ed015da8ed67abfc890ba016803bab62273f06be5454a0dc9c2d7a0a5ba3176

    • Size

      1.6MB

    • MD5

      45e68e5bc35e6b0ac6b49dc0fd7717b4

    • SHA1

      4c932687c07008e2e1d08cae540fd71fde403add

    • SHA256

      0ed015da8ed67abfc890ba016803bab62273f06be5454a0dc9c2d7a0a5ba3176

    • SHA512

      aa1c0651aaa1bd8e3b6073e5feb8338203a5d4e1922ba96240576441c94dbf17ee18b9d8e0d134931a5754b81f76df740766e31dfd49a55df601c88c82732d18

    Score
    10/10
    persistencesuricataupx

    • suricata: ET MALWARE W32/Dinwod.Dropper Win32/Xtrat.B CnC Beacon

      suricata: ET MALWARE W32/Dinwod.Dropper Win32/Xtrat.B CnC Beacon

      suricata

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks