Overview

overview

8

Static

static

91ff228610...44.exe

windows7-x64

8

91ff228610...44.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    91ff228610cf6095a0a5f5ad0b08f35b8116ae1e9def7f23f350dac46550c144

  • Size

    2.3MB

  • Sample

    221012-q3aphsdhh5

  • MD5

    79a762d474643d4f28a43d3a5a807421

  • SHA1

    6a6778626424518ff33260b5ed4d9d867392ce29

  • SHA256

    91ff228610cf6095a0a5f5ad0b08f35b8116ae1e9def7f23f350dac46550c144

  • SHA512

    8b19ecdcb266e6911cb62fba30b4c13b5fc7368c3f1cf751202880214f452cb1ca34611d162e4bfa2752866e2178904504aa3adc217bc6b88289a737d6a38f78

  • SSDEEP

    49152:NBuZrEUTeaIjIXJSATEOkaWH1q2BXp55DdN7POGj0:bkLTeaIjIXJpEOk94s555lj0

Score
8/10

Malware Config

Targets

    • Target

      91ff228610cf6095a0a5f5ad0b08f35b8116ae1e9def7f23f350dac46550c144

    • Size

      2.3MB

    • MD5

      79a762d474643d4f28a43d3a5a807421

    • SHA1

      6a6778626424518ff33260b5ed4d9d867392ce29

    • SHA256

      91ff228610cf6095a0a5f5ad0b08f35b8116ae1e9def7f23f350dac46550c144

    • SHA512

      8b19ecdcb266e6911cb62fba30b4c13b5fc7368c3f1cf751202880214f452cb1ca34611d162e4bfa2752866e2178904504aa3adc217bc6b88289a737d6a38f78

    • SSDEEP

      49152:NBuZrEUTeaIjIXJSATEOkaWH1q2BXp55DdN7POGj0:bkLTeaIjIXJpEOk94s555lj0

    Score
    8/10

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks