Overview

overview

10

Static

static

21e82b438e...64.exe

windows7_x64

10

21e82b438e...64.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21e82b438e9372b136719ebb26d2c8024e2e80d866b144ed0d509a7c9db67a64

  • Size

    218KB

  • Sample

    220612-hvp58sbacq

  • MD5

    4ced579c892ddde3858eaaca641759bb

  • SHA1

    655346c704eb41422328998fab56691f352dec4d

  • SHA256

    21e82b438e9372b136719ebb26d2c8024e2e80d866b144ed0d509a7c9db67a64

  • SHA512

    611ef0f7ba245d9338ffa1e2ed2e5ac09b610ee0c8d4dea31b64281dc144a67240635e9cdeb493332f9468715f49a4e10e362fabf5a80cb6c65bd16078b4e7da

Score
10/10
persistencesuricata

Malware Config

Targets

    • Target

      21e82b438e9372b136719ebb26d2c8024e2e80d866b144ed0d509a7c9db67a64

    • Size

      218KB

    • MD5

      4ced579c892ddde3858eaaca641759bb

    • SHA1

      655346c704eb41422328998fab56691f352dec4d

    • SHA256

      21e82b438e9372b136719ebb26d2c8024e2e80d866b144ed0d509a7c9db67a64

    • SHA512

      611ef0f7ba245d9338ffa1e2ed2e5ac09b610ee0c8d4dea31b64281dc144a67240635e9cdeb493332f9468715f49a4e10e362fabf5a80cb6c65bd16078b4e7da

    Score
    10/10
    persistencesuricata

    • suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016

      suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016

      suricata

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks