General

  • Target

    8909a06ad36bb9e48b7accca3595e5348d1e25162324c5fdc52683dfb7697ac6.exe

  • Size

    204KB

  • Sample

    221107-xamlyaefap

  • MD5

    44ff2421bbd7918c6ad68da4fa276e02

  • SHA1

    04562548afc52dc7ba66a22bd12dcd0c6a5eae2e

  • SHA256

    8909a06ad36bb9e48b7accca3595e5348d1e25162324c5fdc52683dfb7697ac6

  • SHA512

    4898d23f54a3c87856ad88bd00dc42f81ca6a6a4934512aa12b00e2189fa32ee8b4bb706ab948dcba613c0b095c9920fa367372ecf7f9a0efec959830d2c110d

  • SSDEEP

    3072:qgXdZt9P6D3XJKMDXQOf6k/l/40APgVGP3l1IbRhzv3D5P9B3H2Ol9DnLQpdYyPl:qe34hDX9f6iaDPUco3fDHBXH30pdYal

Score
8/10

Malware Config

Targets

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks