General

  • Target

    3c77f982dedf04499490e5e0fe1f761c92605577fc10006e9327cacb4a7029cf

  • Size

    55KB

  • Sample

    221019-23yxwsccf8

  • MD5

    91bd4d1a62f8a1de6741cd4c870966b0

  • SHA1

    93059d50b2a9dd9ca933f96d5b73a44cc00df2e5

  • SHA256

    3c77f982dedf04499490e5e0fe1f761c92605577fc10006e9327cacb4a7029cf

  • SHA512

    5955ad72e96affe6264dc708a2814557f95c4c79435b5598cf70ce0d139c215111924ec6858a2aa410236f565b2228120a53507bdc2e72372a2df5ebd733533c

  • SSDEEP

    768:oVqibuG53iD7IEsDOMnop8Lju5K4SN2XPkn9d85ou:oVqif5yvCD2fkn9kX

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Deletes itself

    • Drops startup file

    • Uses the VBS compiler for execution

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks