General

  • Target

    e-Voucher.scr.exe

  • Size

    2.7MB

  • Sample

    220908-y14tksfgh3

  • MD5

    39aaf1f52e12db147a152701c7f6eb86

  • SHA1

    da864c40b299c7c8bad13a98dddf6cc186906374

  • SHA256

    7b4e64d5cb7fdb60b2795a804aba65b828ffb3fb0d3bed54b7060c5a4f74326a

  • SHA512

    10186a01b1af328af5c411545742c3e6fb4f92141810728c5d279ce2af71b0e43e661bd98e69792dcf9001d6cd82f5bcfffa3c217bdccd34174ba3ca588891f8

  • SSDEEP

    49152:89zUDSLhD28DWrjipbnxR6AkuvVsKj4kqJV:89zUDyhDifKOuvfjQJV

Score
10/10

Targets

    • Target

      e-Voucher.scr.exe

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Uses the VBS compiler for execution
