General

  • Target

    7731796200.zip

  • Size

    280KB

  • Sample

    220725-zx3b1sedd2

  • MD5

    7764a9970b0afae2b4a4fd9855dd9012

  • SHA1

    1215208f8dca025a3b23a7ae1bf9aa7044af3104

  • SHA256

    5f16b53fefc21323c4a0a5895b3084a3dc47d26f593ab646939c740cc5c81cc4

  • SHA512

    716c73e3ef2a78b0f91361a3c3d2db7c7effa2abf5e74097d92214ad466a4b7df19ebbfcd431acbc26b051073912b54263e6e466d32950cd8c2735446ffc12ae

Score
10/10

Targets

    • Target

      0ca79bf8ca2b0e12ee245cb37f06da4ca397fdd84166d0913fc8ebc3a62b7711

    • Size

      498KB

    • MD5

      99d55290f6f2d4f2f7315da9b6dfe4e0

    • SHA1

      d171e5f0a3916de88286dc99fdc158855be0ce71

    • SHA256

      0ca79bf8ca2b0e12ee245cb37f06da4ca397fdd84166d0913fc8ebc3a62b7711

    • SHA512

      655ffce301340439020cf79c0ffca2eddc66328f377bec5cdbf471f2cb9ebfad3176cd73fac3383d3b825b40e730d5dd61373deaa79c401eea064429d40346c2

    Score
    10/10
    • ObliqueRAT

      Remote Access Trojan discovered in early 2020.

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution to (or away from) particular regions.

    • Drops startup file

    • Loads dropped DLL
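The four behavioural signatures above are each a simple rule over the sandbox's event trace. The block below is an added example, not the sandbox's own signature logic and not code from this report: it re-implements those rules over a constructed event log (the `op|pid|path` lines, the process IDs and the file names are made up for illustration). The registry path it treats as a "location settings" lookup (`HKCU\Control Panel\International\Geo`, which holds the user's GeoID) is an assumption, since the report does not say which key the sample queries.

```python
"""Toy re-implementation of four sandbox behaviour signatures over a constructed trace.
Added example; not the sandbox's rules and not derived from the sample itself."""
import re
from collections import namedtuple

Event = namedtuple("Event", "op pid path")

# Constructed trace in a normalised "op|pid|path" form; none of these paths,
# PIDs or names come from the report above.
SAMPLE_TRACE = """\
RegQueryValue|1204|HKCU\\Control Panel\\International\\Geo\\Nation
FileWrite|1204|C:\\Users\\Admin\\AppData\\Roaming\\svchost32.exe
FileWrite|1204|C:\\Users\\Admin\\AppData\\Roaming\\helper.dll
FileWrite|1204|C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\upd.lnk
ProcessCreate|1204|C:\\Users\\Admin\\AppData\\Roaming\\svchost32.exe
LoadImage|2980|C:\\Users\\Admin\\AppData\\Roaming\\helper.dll
LoadImage|2980|C:\\Windows\\System32\\kernel32.dll
"""

# Assumption: a country/geo lookup reads under HKCU\Control Panel\International
# (the Geo\Nation value is the user's GeoID). The report does not name the key.
GEO_KEY_RE = re.compile(r"control panel\\international(\\geo)?\\", re.IGNORECASE)
# Per-user Startup folder; a file written here runs at next logon.
STARTUP_DIR_RE = re.compile(r"\\start menu\\programs\\startup\\", re.IGNORECASE)


def parse_trace(text):
    """Parse 'op|pid|path' lines into Event tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        op, pid, path = line.split("|", 2)
        events.append(Event(op, int(pid), path))
    return events


def match_signatures(events):
    """Return the set of signature names triggered by the trace.

    'Dropped' means the path was written earlier in the same run, so the
    executed/loaded-file rules only fire on files the sample itself created.
    """
    hits = set()
    dropped = set()
    for ev in events:
        p = ev.path.lower()
        if ev.op == "FileWrite":
            dropped.add(p)
            if STARTUP_DIR_RE.search(p):
                hits.add("Drops startup file")
        elif ev.op == "RegQueryValue" and GEO_KEY_RE.search(p):
            hits.add("Checks computer location settings")
        elif ev.op == "ProcessCreate" and p in dropped and p.endswith(".exe"):
            hits.add("Executes dropped EXE")
        elif ev.op == "LoadImage" and p in dropped and p.endswith(".dll"):
            hits.add("Loads dropped DLL")
    return hits


if __name__ == "__main__":
    for name in sorted(match_signatures(parse_trace(SAMPLE_TRACE))):
        print(name)
```

The ordering dependency is the point worth noticing: "Executes dropped EXE" and "Loads dropped DLL" only fire when the write precedes the execution or load in the same run, which is how a sandbox distinguishes the sample's own payloads from ordinary system binaries such as kernel32.dll in the last trace line.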
