General

  • Target: 0d03b73c4ff4445bbb67f8d04d4c6d8b31d344fbd765bad0856d6dca3247603b
  • Size: 369KB
  • Sample: 221021-c71vlshacl
  • MD5: 75f0d8fbb73ebb8544341043e72e9408
  • SHA1: 4d5e0aadce89fe23eac2b5d4d1f4ccf02bd0e197
  • SHA256: 0d03b73c4ff4445bbb67f8d04d4c6d8b31d344fbd765bad0856d6dca3247603b
  • SHA512: f967e29e34c2e34da354161379608490d9e88a81ec58765468d538e1b6c27f03cd6bfd5dcadc790fcde848dd3271ccc2473c2cfb87c7e452e2936ace9fa891b4
  • SSDEEP: 6144:m9DVJgHen8y7XgsOLI+9OkKDpZeGQIJsCegZt0N2r6MTJ:5e9EsHAKtcxk9egZOgr6

Score: 8/10

Targets

    • Adds policy Run key to start application
    • Drops file in Drivers directory
    • Executes dropped EXE
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Drops startup file
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
