6938d40afa76616dc2ad5f085e5ccce2f8298de8d12ec30ac58551b448115828 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

6938d40afa...28.exe

windows7-x64

8

6938d40afa...28.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

6938d40afa76616dc2ad5f085e5ccce2f8298de8d12ec30ac58551b448115828
Size

205KB
Sample

221003-rr18rsbadl
MD5

6decf6977ef34c42a8b901520065c091
SHA1

4682c4546f37e6bf9b860330d07d95e82997fac6
SHA256

6938d40afa76616dc2ad5f085e5ccce2f8298de8d12ec30ac58551b448115828
SHA512

571b3c73d0f9e08ad15dfbba82ff9a6bd71d4f5137b52388c932cbcd7e2b7dd96aab5c7547e05572b5739419d923f41148521bbd9030ddb732b5670644db237e
SSDEEP

3072:2wjmK0lZmJ6mRngDnXGVOS4jdlbsq1ei3JxIwYEv58bfJv9FEyj+TF2ipxZ:2bNfagqOS4Dx1ei5xIwYY5WfJUTF7xZ

Score

8^/10

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6938d40afa76616dc2ad5f085e5ccce2f8298de8d12ec30ac58551b448115828.exe

Resource

win7-20220812-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6938d40afa76616dc2ad5f085e5ccce2f8298de8d12ec30ac58551b448115828.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  6938d40afa76616dc2ad5f085e5ccce2f8298de8d12ec30ac58551b448115828
- Size
  
  205KB
- MD5
  
  6decf6977ef34c42a8b901520065c091
- SHA1
  
  4682c4546f37e6bf9b860330d07d95e82997fac6
- SHA256
  
  6938d40afa76616dc2ad5f085e5ccce2f8298de8d12ec30ac58551b448115828
- SHA512
  
  571b3c73d0f9e08ad15dfbba82ff9a6bd71d4f5137b52388c932cbcd7e2b7dd96aab5c7547e05572b5739419d923f41148521bbd9030ddb732b5670644db237e
- SSDEEP
  
  3072:2wjmK0lZmJ6mRngDnXGVOS4jdlbsq1ei3JxIwYEv58bfJv9FEyj+TF2ipxZ:2bNfagqOS4Dx1ei5xIwYY5WfJUTF7xZ
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy