Overview

overview

8

Static

static

PHOTO-DEVOCHKA.exe

windows7-x64

8

PHOTO-DEVOCHKA.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7041f7cc5b7447afc0528200c2eb0b5c20cd48566f1d304ea53347694a14f1b5

  • Size

    124KB

  • Sample

    220919-vhxqrsddaj

  • MD5

    90e378cdc8b86c868a888b1acc27e7ee

  • SHA1

    d093b012fae7df8161c62bdb27eec9234bb64068

  • SHA256

    7041f7cc5b7447afc0528200c2eb0b5c20cd48566f1d304ea53347694a14f1b5

  • SHA512

    ff395b150861fee27a5e376f7aef19ed2d13499d9ae8d1f9b7a556c67f664b04950a2c86f7f992c1afcef306267a3e2555f1e37e10f1a1e628069e4db8c02097

  • SSDEEP

    3072:2l0img13tG90HdQ3SqtRaAUjfdaBdE3SrmnbmO2M41Mmo:2ljpD9Q3TtRq7Unrwy1Mmo

Score
8/10
discovery

Malware Config

Targets

    • Target

      PHOTO-DEVOCHKA.exe

    • Size

      238KB

    • MD5

      466171c86c39f1266019f1386b78ad45

    • SHA1

      cf50984c43232cffb00e181597be92b5a118c65e

    • SHA256

      af2f6bc331ddbf6401b342e21947f949a92143d7f8dea3e6a1dcefca18bcefb2

    • SHA512

      162f43193b6e387ae9bbe77b099d62ad473f47b7dbfddb8e94fe75b3b7003035dadd9bb2e7069e8009eba74a6206784f54999f29ff5ea5a7463b086382018b4b

    • SSDEEP

      3072:QBAp5XhKpN4eOyVTGfhEClj8jTk+0h5TlWnC+Cgw5CKHG:HbXE9OiTGfhEClq9IlWzJJUG

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks