Overview

overview

8

Static

static

5

sample pro...cs.exe

windows7-x64

8

sample pro...cs.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8ee1a0ebdcc3cf9a22e0867e8d2b0fe6da8e68c4b27451f6a486340ec5bf67f4

  • Size

    591KB

  • Sample

    221003-19j7msaadr

  • MD5

    ca999209d51ba3ff012295fe69b00bdf

  • SHA1

    b804f1a0a2c09a4484e86649159585e786f95eea

  • SHA256

    8ee1a0ebdcc3cf9a22e0867e8d2b0fe6da8e68c4b27451f6a486340ec5bf67f4

  • SHA512

    c3515d475a402153bcfe8494bfdb8cfd15f159031f896df313d2b2509e771a18d26c8030f2bd79eb9aafa4bfe5595286a1f54937dcbbc570768de558a4c18c95

  • SSDEEP

    12288:FxRsFbGPY2jKWJax5trmZrcoA7MEOmvhO9Mzo5srdTvD:FxRsMw2Ofx5taVJslOoQ9Mzo+dTr

Score
8/10
evasionpersistence

Malware Config

Targets

    • Target

      sample product pics.exe

    • Size

      1.0MB

    • MD5

      6575b134dd7b050d597ef0475d0e1585

    • SHA1

      6fbc76429ccbbf9dbdee4c86b1d61f612e70f60e

    • SHA256

      7d83d737bae2597faf8f2ea8347e0c730a66a2049ef4bf2d7852488a34eaf17e

    • SHA512

      8628530230d14ad428d0c28bfd0e9363858c44b95a614127e7a57c284c605be19e7e6d0a5b4b5ccfdad5135f670507b23238d507c0e4e05891d05dd0e9de3014

    • SSDEEP

      24576:MQCMf3oQlibOIQxiZY1Oa7RlOoIT40sAZw8Ts:UMPoQlATFZY1Oa7Rl+e

    Score
    8/10
    evasionpersistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks