Overview

overview

8

Static

static

PO_9730937...oc.exe

windows7-x64

8

PO_9730937...oc.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d020a1c7f108b06f6539c5f49d869d527758188736a36ae91b7659051acd4793

  • Size

    688KB

  • Sample

    221124-k53v7adc93

  • MD5

    ec6f094b20bcd0a68007615e80da5925

  • SHA1

    f87c34ebf52179711940f749d68a8b0350c65eeb

  • SHA256

    d020a1c7f108b06f6539c5f49d869d527758188736a36ae91b7659051acd4793

  • SHA512

    ac07ed50060a06c77a64ea2aec1b2b939684341a10c71dc980a285dc925970de0bf0663cf470504d57b1491fdbeedb3556560327d774f1b5133b34098b8f1a33

  • SSDEEP

    12288:mR93lViITflbUMft6DVLvXeDB8RXZLUpeI6glzqe3niUvy1vbEs+fyGlqLhXKF4/:893lViIT9bUut6DV70mRK8K334Es+6Gw

Score
8/10
persistence

Malware Config

Targets

    • Target

      PO_97309373_Karl_Meinz_Gen._Co.doc.exe

    • Size

      791KB

    • MD5

      ba51fb93aed8c9bb74990ab647dabd53

    • SHA1

      d15c1724ea659527cfdeba0ec0c4a07a9cdba5a1

    • SHA256

      214167e1feb613503ca6053634ac634f1f7acf688ba1b79534984e9c2cff2844

    • SHA512

      352674fc850d821a71f7194caf8b74c80a8876deae008d98bb5f1884d0f5abfa16b0b8cf661378244e934961494823ca7290e1b5d4cf8bfd9248841a48399774

    • SSDEEP

      24576:tt24wzbUct6DVLMmRzfDn3mes+W8lqLzaFmqj:JucJTJfbmesV6qLzaFmqj

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks