General

  • Target: 0d6474856eebb3ec9eb9f184f478a8aefd555518a3b4ea289a61405d89b0dbe8
  • Size: 196KB
  • Sample: 221002-1yzg7aeahq
  • MD5: 659aa7d6112b55a836a6af08b70423cc
  • SHA1: 4b035149848517a47a07ebb2f055bb0daf21b0a6
  • SHA256: 0d6474856eebb3ec9eb9f184f478a8aefd555518a3b4ea289a61405d89b0dbe8
  • SHA512: 50474498f8cc73ae7ee85bcb8c6f1949179f572d3d468498d369d054c06fec4a917a94df7b45f0eb1e84fae338858f47fbd7e7998774d2b5f7f2f23fd658da62
  • SSDEEP: 1536:RvQJyBgIWoPwVXL0LzyFf4kbal/PnVPs9hO16RCpc8MiWVWv7tEOPd5/Frd9cqCH:q0gIWoUwLmLGPs9v3Wv7FPdvJVyl3lJ

Score
8/10

Malware Config

Targets

    • Target: 0d6474856eebb3ec9eb9f184f478a8aefd555518a3b4ea289a61405d89b0dbe8 (196KB; MD5, SHA1, SHA512 and SSDEEP as listed under General)
    • Score: 8/10
    • Blocklisted process makes network request
    • Executes dropped EXE
    • Stops running service(s)
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Loads dropped DLL
    • Adds Run key to start application
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Drops file in System32 directory
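Added example, not part of the sandbox report: a small Python classifier that replays the signatures above over EDR-style host telemetry, so an analyst can check whether the same behaviours appear on a live machine. The event schema, the constructed event stream, the process blocklist and the registry paths used for matching (Control Panel\International\Geo for the location check, CurrentVersion\Run for persistence) are assumptions for illustration; the report does not say which processes, paths or keys this sample touched.

```python
"""Replay the report's behaviour signatures over constructed EDR-style events."""
import re

# Behaviour names exactly as the report lists them.
BLOCKLISTED_NETWORK = "Blocklisted process makes network request"
EXEC_DROPPED = "Executes dropped EXE"
STOPS_SERVICE = "Stops running service(s)"
GEO_CHECK = "Checks computer location settings"
LOADS_DROPPED_DLL = "Loads dropped DLL"
RUN_KEY = "Adds Run key to start application"
ENUM_DRIVES = "Enumerates connected drives"
DROPS_SYSTEM32 = "Drops file in System32 directory"

# Assumed blocklist of living-off-the-land binaries; the report does not name
# the process that tripped this signature.
BLOCKLIST = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe",
             "cscript.exe", "powershell.exe", "certutil.exe"}

# Assumed match patterns (registry paths and command lines are illustrative).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
GEO_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
SYSTEM32_RE = re.compile(r"^C:\\Windows\\System32\\", re.I)
DRIVE_ROOT_RE = re.compile(r"^([A-Z]):\\$", re.I)
SERVICE_STOP_RE = re.compile(r"\b(sc(\.exe)?\s+stop|net(\.exe)?\s+stop)\b", re.I)


def basename(path):
    """Last path component, lower-cased, for blocklist comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(events):
    """Return the sorted set of report behaviours satisfied by an event stream.

    Each event is a dict with a ``kind`` and kind-specific keys (``image``,
    ``target``, ``cmdline``, ``image_loaded``). Files written by the chain are
    remembered so later executions/loads of them count as "dropped".
    """
    hits = set()
    dropped = set()  # lower-cased full paths of files the chain wrote to disk
    for ev in events:
        kind = ev["kind"]
        if kind == "file_create":
            dropped.add(ev["target"].lower())
            if SYSTEM32_RE.match(ev["target"]):
                hits.add(DROPS_SYSTEM32)
        elif kind == "process_create":
            if ev["image"].lower() in dropped:
                hits.add(EXEC_DROPPED)
            if SERVICE_STOP_RE.search(ev.get("cmdline", "")):
                hits.add(STOPS_SERVICE)
        elif kind == "image_load":
            loaded = ev["image_loaded"].lower()
            if loaded in dropped and loaded.endswith(".dll"):
                hits.add(LOADS_DROPPED_DLL)
        elif kind == "reg_set":
            if RUN_KEY_RE.search(ev["target"]):
                hits.add(RUN_KEY)
        elif kind == "reg_query":
            if GEO_RE.search(ev["target"]):
                hits.add(GEO_CHECK)
        elif kind == "file_open":
            m = DRIVE_ROOT_RE.match(ev["target"])
            if m and m.group(1).upper() != "C":  # root of a non-default drive
                hits.add(ENUM_DRIVES)
        elif kind == "network_connect":
            if basename(ev["image"]) in BLOCKLIST:
                hits.add(BLOCKLISTED_NETWORK)
    return sorted(hits)


# Constructed event stream (not telemetry from this sample); paths are made up.
SAMPLE = "C:\\Users\\user\\Desktop\\0d647485.exe"
DROPPED_EXE = "C:\\Users\\user\\AppData\\Local\\Temp\\svchost32.exe"
DROPPED_DLL = "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"

SAMPLE_EVENTS = [
    {"kind": "reg_query", "image": SAMPLE, "target": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"kind": "file_open", "image": SAMPLE, "target": "D:\\"},
    {"kind": "file_open", "image": SAMPLE, "target": "C:\\"},  # default drive, ignored
    {"kind": "file_create", "image": SAMPLE, "target": DROPPED_EXE},
    {"kind": "file_create", "image": SAMPLE, "target": DROPPED_DLL},
    {"kind": "file_create", "image": SAMPLE, "target": "C:\\Windows\\System32\\updater.dll"},
    {"kind": "process_create", "image": DROPPED_EXE, "parent": SAMPLE, "cmdline": "svchost32.exe"},
    {"kind": "image_load", "image": DROPPED_EXE, "image_loaded": DROPPED_DLL},
    {"kind": "reg_set", "image": DROPPED_EXE, "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"},
    {"kind": "reg_set", "image": DROPPED_EXE, "target": "HKCU\\Software\\Classes\\Local Settings\\MuiCache\\x"},  # noise
    {"kind": "process_create", "image": "C:\\Windows\\System32\\sc.exe", "parent": DROPPED_EXE, "cmdline": "sc stop wuauserv"},
    {"kind": "network_connect", "image": "C:\\Windows\\System32\\regsvr32.exe", "dest": "203.0.113.10:443"},
]

if __name__ == "__main__":
    for name in classify(SAMPLE_EVENTS):
        print(name)
```

classify() returns only the behaviour names the stream actually satisfies, so a partial stream (for instance the first three events) yields just the location check and the drive enumeration; feeding it real Sysmon or EDR records needs only a mapping of their fields onto the kind/image/target keys.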

MITRE ATT&CK Enterprise v6

Tasks