General

  • Target: b14ab83fe8d82e9d00a090084390d7a7e0c9c48d040216bb9305691f9fb172fb
  • Size: 100KB
  • Sample: 221011-sw73jscacr
  • MD5: 70f36819f5792f433d6c821fb68606c0
  • SHA1: 3e0cfca168bc352975533829844b63e4491bd52a
  • SHA256: b14ab83fe8d82e9d00a090084390d7a7e0c9c48d040216bb9305691f9fb172fb
  • SHA512: a8cc6de5bdba4913d37cdfc498f8bdb4a6ac57f96e043187a7e1369eb3f4cc1e12bf3ac481cefc8a0c0a889d2ad6d31e90def0d0c61c05c3a983fe5569e2c32a
  • SSDEEP: 3072:w47excGxFLPkH9SnbZDas3cGOr/LNLMCWmPWo/JA:w+eGYtPk0Z+sMv/pLMFAA

Score
8/10

Malware Config

Targets

    • Target: PHOTO-DEVOCHKA.exe
    • Size: 151KB
    • MD5: da55bc0842b0b3a01fa050d40b3e660e
    • SHA1: 80a477716badf385400c7352de12d839d26875f3
    • SHA256: 830c4252ab03327fc0edd99999013c1fa3aa2c634c0e059cafcd392f71e88d30
    • SHA512: c361bb7bafae77f4b220d429af19d7416709876c1d9285bce6a9be7d381c1a44c6685ee373812a8c8c9fb908d2ed8767b3b21ccb7d8b1ac6b1f84b5bd9a0deb8
    • SSDEEP: 3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hicVgSPWo/Jv:AbXE9OiTGfhEClq9rLAv

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks