General

  • Target

    649f0f4b37f7601dee6c739b5df1338c3d07e545b7d84e1011b3339c3f1e2c40

  • Size

    654KB

  • Sample

    221102-nacmascahq

  • MD5

    3638b78963ce30dc1faffaec1595cb86

  • SHA1

    a5c64d95d974f834ac04ae996bab8aa2058b1cf9

  • SHA256

    649f0f4b37f7601dee6c739b5df1338c3d07e545b7d84e1011b3339c3f1e2c40

  • SHA512

    90997bfd9c1a4d76c3e40031048f0dee3da6751e8eaa735e33369f887ffe1d2b268f795ee3cadaae89fb0a8560daaa2817e4f0d01224d08457592bf37963efaa

  • SSDEEP

    12288:Z/iSuOs4HEI4rcS9UA5WxsD+c66j/Spx+Mx3yhTy6iai62UF4kaytvmOA0T:Z/iKsVIoceUA50sD+clAyhTYaT2Uqkay

Score
8/10

Targets

    Score
    8/10
    • Blocklisted process makes network request

    • Executes dropped EXE

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
