General

  • Target

    3bc43f9709b6fd4761b330a5a1802b4532717e286c6152bef0cbac4c1881aa89

  • Size

    3.5MB

  • Sample

    221124-jt44fada9v

  • MD5

    8d1deeba09631d5054a442c67d1e32b6

  • SHA1

    86f4390e8f19e52ef3279841c3a75369d119af6c

  • SHA256

    3bc43f9709b6fd4761b330a5a1802b4532717e286c6152bef0cbac4c1881aa89

  • SHA512

    f5bf7fef7c6a5fca54ed767dd3719f2fa506da53e3db2ff7ee3327992157e2159340dffce315abd54962ba9604795db57ba7ef2ce70abe20b75914c8f0d3d668

  • SSDEEP

    49152:pk+co7x0cjjtxTnC5xYklwoy2PiHSbthpwY/ubuFvTBluxwADp7CPkSNLIlY16Z8:+To7xTjjtdXk2940O7D8x9eP1Itlsfp

Score
9/10

Malware Config

Targets

    • Target

      3bc43f9709b6fd4761b330a5a1802b4532717e286c6152bef0cbac4c1881aa89

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks