General

  • Target: d7f87f470424473e7776e2f0cd1c0cf460f10a1424a1a1b5841ee3b0302299a8
  • Size: 106KB
  • Sample: 221123-m7b7csga52
  • MD5: ea34fefb83379463c90acf2c5b650bed
  • SHA1: aa5a48ec8784d4e48c8fa70dec123c7c8aa0b83e
  • SHA256: d7f87f470424473e7776e2f0cd1c0cf460f10a1424a1a1b5841ee3b0302299a8
  • SHA512: e6f40a47dd50e6958ade23957343c3a62732126c1577a21ef2acd31794233f3d5350fa3b9f4e73da1eacd6babea0905081c0fe1805db0da697310c840692adaa
  • SSDEEP: 3072:xZMJnTeM4cJJiiQILa77j2NZmOSyt+DDMuzWtVhUxxd:/eTeM/MILI8Z2yQ/MGWcx/

Score
8/10

Malware Config

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Registers COM server for autorun

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks