Overview

overview

10

Static

static

e5d5ca303a...f4.exe

windows7-x64

10

e5d5ca303a...f4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e5d5ca303aca8b23fa3e83dc54e2d18d24f81106f4b5521b917cfa879f3bb0f4

  • Size

    418KB

  • Sample

    221123-thd3zshb6y

  • MD5

    a794775db057185a5100f7fecc5e1fcb

  • SHA1

    0f663f61da45b5bb04f72fc9a07849316c3b6293

  • SHA256

    e5d5ca303aca8b23fa3e83dc54e2d18d24f81106f4b5521b917cfa879f3bb0f4

  • SHA512

    ae9ee3c1649958e8a3b88eec8cea1b58837341e2bf1b6e77d753793827cffe55dea324e568b20ca1b06b87ddc3d0751070f00433778d548d2ee0943b02094e62

  • SSDEEP

    6144:oRMQINI/7guISTm5KV+12Fr9pRJZPc2dTmqo57goWSS1HxW:GP8Y3+M19pRJpcUDoiv1HY

Score
10/10
phishing

Malware Config

Targets

    • Target

      e5d5ca303aca8b23fa3e83dc54e2d18d24f81106f4b5521b917cfa879f3bb0f4

    • Size

      418KB

    • MD5

      a794775db057185a5100f7fecc5e1fcb

    • SHA1

      0f663f61da45b5bb04f72fc9a07849316c3b6293

    • SHA256

      e5d5ca303aca8b23fa3e83dc54e2d18d24f81106f4b5521b917cfa879f3bb0f4

    • SHA512

      ae9ee3c1649958e8a3b88eec8cea1b58837341e2bf1b6e77d753793827cffe55dea324e568b20ca1b06b87ddc3d0751070f00433778d548d2ee0943b02094e62

    • SSDEEP

      6144:oRMQINI/7guISTm5KV+12Fr9pRJZPc2dTmqo57goWSS1HxW:GP8Y3+M19pRJpcUDoiv1HY

    Score
    10/10
    phishing

    • Detected phishing page

      phishing

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks