Overview

overview

8

Static

static

18c13f2d54...a8.exe

windows7-x64

8

18c13f2d54...a8.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    18c13f2d54b15da7dfae932b18b16fac8de03b7989baafd7995476cd51533ca8

  • Size

    719KB

  • Sample

    220919-h1exfshfbm

  • MD5

    57e6abae885e7d2ad6f476e6ccd7b427

  • SHA1

    413cf3745adb1e55935e8b732146e55b0ccb59b0

  • SHA256

    18c13f2d54b15da7dfae932b18b16fac8de03b7989baafd7995476cd51533ca8

  • SHA512

    14246b12d15b7dad5ee1de42fb13a1821c3007ffe8eb3fb3f2545fa863b1c13b2bb1098467837f64b105ac108c74a1121f7c32c1e1aa4d6653967ca389533493

  • SSDEEP

    12288:Y5Or+ULSdQR69AoKRsmUDD/3AEKrIioeLpDsiSUnCVpwG50xQZ:YIrv5R69AoHF7HdzA4SCVpRl

Score
8/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      18c13f2d54b15da7dfae932b18b16fac8de03b7989baafd7995476cd51533ca8

    • Size

      719KB

    • MD5

      57e6abae885e7d2ad6f476e6ccd7b427

    • SHA1

      413cf3745adb1e55935e8b732146e55b0ccb59b0

    • SHA256

      18c13f2d54b15da7dfae932b18b16fac8de03b7989baafd7995476cd51533ca8

    • SHA512

      14246b12d15b7dad5ee1de42fb13a1821c3007ffe8eb3fb3f2545fa863b1c13b2bb1098467837f64b105ac108c74a1121f7c32c1e1aa4d6653967ca389533493

    • SSDEEP

      12288:Y5Or+ULSdQR69AoKRsmUDD/3AEKrIioeLpDsiSUnCVpwG50xQZ:YIrv5R69AoHF7HdzA4SCVpRl

    Score
    8/10
    evasiontrojanpersistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks