General

  • Target

    08eb07769475a271b6d8567204c9497d191488c260bb10e601d3c6bed548cdf5

  • Size

    781KB

  • Sample

    221126-2sq5asbb72

  • MD5

    3a94aa1b527b220a47e80f8ac94950df

  • SHA1

    a4c87c3d4b3b9e1d4b7d59939836705294945431

  • SHA256

    08eb07769475a271b6d8567204c9497d191488c260bb10e601d3c6bed548cdf5

  • SHA512

    ac5aba00b8d814fe4ebd36a096834572b09486943c113a5b9bae58e098c5bfa8f43602f398cf4a8d174753c5fbdd04ac381f405f54bd8dc4ec7643d29ba0932e

  • SSDEEP

    12288:ahkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aWHR6G:aRmJkcoQricOIQxiZY1iaWHR6G

Score
8/10

Targets

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
