General

  • Target

    48074ccfef76be5bb09e4addbb9d37b0fb3a38e376901b6f57ce27dec94aee70

  • Size

    263KB

  • Sample

    221029-p2ereaghck

  • MD5

    da63d0e34f84dc3093f173d206ef75a1

  • SHA1

    b679f60dcc8481a80ce4d5f66c733ee7b22b64fb

  • SHA256

    48074ccfef76be5bb09e4addbb9d37b0fb3a38e376901b6f57ce27dec94aee70

  • SHA512

    4fe99e5adb7d268c6c66aa659bc297f2f8aee27776acea7e990d70c4972f4e5d0fc52823c6db860f281cc20c24d6a68e79ef5cd4ac19f3a201d013587a9d7ce5

  • SSDEEP

    6144:4yZcAuFcCf38XolyxnDFJ6VcWhlhrK64XxHcA/d5i8fgBw2VaD:RTOcCf6y0C3MNdhgw2VaD

Score
8/10


Targets

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks