General

  • Target

    72ce49a939a9ff59a1d3a1b4bd23c3e0e67b338efabc104df56b374f8861047d

  • Size

    100KB

  • Sample

    221030-h5pbpaabdj

  • MD5

    a2bc4eeb6e9ddce2f211f1d8b77a0280

  • SHA1

    4f6990e46bbd2121993e58e7d1e8a6e64b074adc

  • SHA256

    72ce49a939a9ff59a1d3a1b4bd23c3e0e67b338efabc104df56b374f8861047d

  • SHA512

    a730aaf9d898cd434f7a4f0c78270db495781061388e40ec0dee9a373ae65ba8d890c461b78ed510dc8ed3ddf53b02fbb26b721025f3304e0ef5dd96ec249ba8

  • SSDEEP

    3072:r47excGxFLPkH9SnbZDa/W/j8mmV9qmREYTJglYIuiHqbR:r+eGYtPk0Z+/kjzYttC4R

Score
8/10

Targets

    • Target

      PHOTO-DEVOCHKA.exe

    • Size

      151KB

    • MD5

      ef75f377aca260c8f2eb47e294023cba

    • SHA1

      07c06217fead97306f4b252a28321542b1920d9f

    • SHA256

      ddb5627980e9f1b234b03b90c8c5a30deb5dd575ee7bb8de4cdc5c73c203c909

    • SHA512

      49be3f06cf2e4cb5b6a33bf2971342ad74c054a1542fa4d572c251cec66c5c5ad7015ab1fc54f3ee871d2ae5b8c731d640152205a46e4fdfae14d61ee6b3a594

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hifD1YIuiHqbg:AbXE9OiTGfhEClq9hCC4g

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check before running.

    • Checks installed software on the system

      Enumerates installed software by reading the Uninstall key entries in the registry.
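
One way to turn three of the behavioural signatures listed above (the location check, the installed-software enumeration and the file drop in the Drivers directory) into detection logic over registry and file events, as an added example that is not part of this report or of the sandbox's own signature engine. It assumes Procmon-style CSV events with Process Name, Operation, Path, Result and Detail columns. The registry paths (HKCU\Control Panel\International\Geo\Nation, the CurrentVersion\Uninstall keys including the Wow6432Node variant) and the System32\drivers directory are the well-known locations behind these behaviours; the report names the behaviours but does not spell the paths out. The event lines are constructed for the example, not captured from this sample.

```python
"""Re-derive three sandbox signatures from Procmon-style CSV events.

Added example; the paths below are assumptions about where the behaviours
the report names are normally observed, not facts taken from the report.
"""
import csv
import io
import re
from collections import defaultdict

# Assumed well-known locations (not stated on the report page).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.I)
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I
)
DRIVERS_DIR = re.compile(r"^[A-Z]:\\Windows\\System32\\drivers\\", re.I)

REG_READ_OPS = {"RegQueryValue", "RegOpenKey", "RegEnumKey", "RegEnumValue"}


def _writes_file(op, detail):
    # A CreateFile only counts as a drop when it was opened for writing;
    # WriteFile is a write by definition.
    return op == "WriteFile" or (op == "CreateFile" and "Write" in detail)


# Signature name (as shown in the report) -> predicate over (operation, path, detail).
SIGNATURES = {
    "Checks computer location settings":
        lambda op, path, detail: op in REG_READ_OPS and GEO_KEY.search(path) is not None,
    "Checks installed software on the system":
        lambda op, path, detail: op in REG_READ_OPS and UNINSTALL_KEY.search(path) is not None,
    "Drops file in Drivers directory":
        lambda op, path, detail: _writes_file(op, detail) and DRIVERS_DIR.match(path) is not None,
}


def match_signatures(csv_text, process):
    """Return {signature: [(operation, path), ...]} for successful events of `process`."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"] != process or row["Result"] != "SUCCESS":
            continue  # failed lookups and other processes do not count as behaviour
        for name, rule in SIGNATURES.items():
            if rule(row["Operation"], row["Path"], row.get("Detail", "")):
                hits[name].append((row["Operation"], row["Path"]))
    return dict(hits)


def fired_signatures(csv_text, process):
    """Sorted list of signature names that fired for `process`."""
    return sorted(match_signatures(csv_text, process))


# Constructed sample events (raw string: the paths contain backslashes).
SAMPLE_EVENTS = r'''"Process Name","Operation","Path","Result","Detail"
"PHOTO-DEVOCHKA.exe","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"PHOTO-DEVOCHKA.exe","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"PHOTO-DEVOCHKA.exe","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"PHOTO-DEVOCHKA.exe","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read"
"PHOTO-DEVOCHKA.exe","CreateFile","C:\Windows\System32\drivers\dropped.sys","SUCCESS","Desired Access: Generic Write"
"PHOTO-DEVOCHKA.exe","WriteFile","C:\Windows\System32\drivers\dropped.sys","SUCCESS","Offset: 0, Length: 4,096"
"explorer.exe","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"PHOTO-DEVOCHKA.exe","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","NAME NOT FOUND","Desired Access: Read"
'''

if __name__ == "__main__":
    for name, events in match_signatures(SAMPLE_EVENTS, "PHOTO-DEVOCHKA.exe").items():
        print(name)
        for op, path in events:
            print(f"    {op:14} {path}")
```

Reading `drivers\etc\hosts` for read access is deliberately not counted as a drop, and `explorer.exe` reading the same Geo\Nation value does not fire the signature for the analysed process; both are the false positives a practitioner hits first when porting sandbox signatures to endpoint telemetry.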
