General

  • Target

    a93749a13c3ddaf6ff0427b836886b1ccc6aa5ea2d94bbc57b5e60f76edddf0c

  • Size

    111KB

  • Sample

    221003-1s3yeshbgk

  • MD5

    625748cc1308f9db48798c2e9035d700

  • SHA1

    85d56dd0d7f106bda0aff12be1e54bea72a0e501

  • SHA256

    a93749a13c3ddaf6ff0427b836886b1ccc6aa5ea2d94bbc57b5e60f76edddf0c

  • SHA512

    84adb44d824996a20d44443b724327e8f008e5e9a1faa8091fe86be1689b8552ff5acdc1f3b7071962961975e37c86f61317c1fee27070adc711ca8e8fd22b1f

  • SSDEEP

    3072:tnO9QMl+hQ0gInZl7oWSK5nD4hQ2ONH1Vpw2SOhmvYV16yy:tOnIZk5o1VpnSOhcNyy

Score
8/10

Malware Config

Targets

    • Target

      PHOTO-DEVOCHKA.exe

    • Size

      168KB

    • MD5

      a1c5d84afa0343c245d8f21800d11dce

    • SHA1

      c97763e84cda55eb538474e0c007904797328564

    • SHA256

      583d32ab38b823f7bd85e71364e000ed6d4f3df10bec494d16895027955cfced

    • SHA512

      f2628972d067045f4bea23b334beb0a88f7b25c6f47aa760421eeb77196856d77c5fefec042e315597e2ddc052ee6ac536dea96567d8aff2b36dcba7f78fb541

    • SSDEEP

      3072:EBAp5XhKpN4eOyVTGfhEClj8jTk+0ht0IjkgnamOuUr+tZdlb:TbXE9OiTGfhEClq9W0IgAdjb

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
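The two registry signatures above, and the Drivers-directory drop, are path matches over the sandbox's event trace. The script below is an added example, not the sandbox's own signature code and not anything from the sample: it replays a constructed list of registry and file events against patterns that reproduce those three signatures. The exact keys (Control Panel\International\Geo\Nation and the sCountry/iCountry values, the native and WOW6432Node Uninstall keys, System32\drivers) and the (operation, path) event format are assumptions about how such a tracer would log them.

```python
"""Replay sandbox-style registry/file events against the behavioural
signatures listed above. Example code, not the sandbox's own."""
import re
from collections import defaultdict

# Hive prefixes as emitted by different tracers, normalised to the long
# HKEY_* form so one pattern per signature suffices. The \REGISTRY\... form is
# what a kernel-level tracer logs; the SID is the current user's hive.
HIVE_ALIASES = [
    (re.compile(r"^HKCU\\", re.I), "HKEY_CURRENT_USER\\"),
    (re.compile(r"^HKLM\\", re.I), "HKEY_LOCAL_MACHINE\\"),
    (re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\", re.I), "HKEY_CURRENT_USER\\"),
    (re.compile(r"^\\REGISTRY\\MACHINE\\", re.I), "HKEY_LOCAL_MACHINE\\"),
]

# Signature name -> (event kind, path pattern). Key paths are assumptions.
SIGNATURES = {
    "Checks computer location settings": ("registry", re.compile(
        r"^HKEY_CURRENT_USER\\Control Panel\\International\\"
        r"(Geo(\\Nation)?|sCountry|iCountry)$", re.I)),
    "Checks installed software on the system": ("registry", re.compile(
        r"^HKEY_(LOCAL_MACHINE|CURRENT_USER)\\SOFTWARE\\(WOW6432Node\\)?"
        r"Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    "Drops file in Drivers directory": ("file", re.compile(
        r"^(?:[A-Z]:|\\Device\\HarddiskVolume\d+)\\Windows\\System32\\drivers\\", re.I)),
}

# Only write-type file operations count as a "drop"; reads of drivers\*.sys
# are normal for any process that loads a driver and must not fire.
WRITE_OPS = {"FileCreate", "FileWrite", "FileRename"}


def normalise_key(path: str) -> str:
    """Rewrite a registry path so every hive spelling becomes HKEY_*."""
    for alias, canonical in HIVE_ALIASES:
        # Pass a callable so the backslash in `canonical` is not parsed as an escape.
        path, n = alias.subn(lambda _m: canonical, path, count=1)
        if n:
            break
    return path


def evaluate(events):
    """Map each signature name to the events that triggered it.

    `events` is an iterable of (operation, path) pairs; only signatures with at
    least one hit appear in the result.
    """
    hits = defaultdict(list)
    for op, path in events:
        if op.startswith("Reg"):
            kind, path = "registry", normalise_key(path)
        elif op in WRITE_OPS:
            kind = "file"
        else:
            continue  # reads, closes, etc. never trigger these signatures
        for name, (sig_kind, pattern) in SIGNATURES.items():
            if sig_kind == kind and pattern.search(path):
                hits[name].append(f"{op} {path}")
    return dict(hits)


# Constructed trace, in the order a tracer would log it. Not real sample data.
SAMPLE_EVENTS = [
    ("RegOpenKey",    r"HKCU\Control Panel\International\Geo"),
    ("RegQueryValue", r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),
    ("RegOpenKey",    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("RegEnumKey",    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    ("RegOpenKey",    r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("FileCreate",    r"C:\Windows\System32\drivers\etc\hosts"),
    ("FileRead",      r"C:\Windows\System32\drivers\ndis.sys"),
    ("RegQueryValue", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
]

if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS).items():
        print(f"[{name}]")
        for line in evidence:
            print("   ", line)
```

Two things worth noting when reading these signatures in a report. First, the Drivers-directory signature is a pure path match, so a write to drivers\etc\hosts (hosts-file tampering, which is what the constructed trace shows) fires it just as a real driver drop would; check the actual file name before concluding a kernel component was written. Second, a single open of the Uninstall key is routine for installers and updaters; the enumeration of its subkeys, as in the RegEnumKey event above, is the part that matters for a triage decision.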

MITRE ATT&CK Enterprise v6

Tasks