Overview

overview

8

Static

static

5

a71b9f7bd9...12.exe

windows7-x64

8

a71b9f7bd9...12.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a71b9f7bd9556e9439e5c14ec3b9bf3bfb4f6c8681054fd969d708035b358312

  • Size

    1.1MB

  • Sample

    221126-jkrrracg76

  • MD5

    446e5936689f894c8959b0707876ae12

  • SHA1

    bc654444bd03fb171f20a6f87bc9d405d485828d

  • SHA256

    a71b9f7bd9556e9439e5c14ec3b9bf3bfb4f6c8681054fd969d708035b358312

  • SHA512

    a520541b55f5c78c8db7588ee4535a255f06b9625aa40638ab7b402c37d32a7137132c29c0141a23e9ddf7a2de6487e07199fd093d4151c9ce193eb8d040f81e

  • SSDEEP

    24576:7tb20pkaCqT5TBWgNQ7a787DmJpucN3JjC6A:4Vg5tQ7a787Ir3JO5

Score
8/10
microsoftpersistencephishing

Malware Config

Targets

    • Target

      a71b9f7bd9556e9439e5c14ec3b9bf3bfb4f6c8681054fd969d708035b358312

    • Size

      1.1MB

    • MD5

      446e5936689f894c8959b0707876ae12

    • SHA1

      bc654444bd03fb171f20a6f87bc9d405d485828d

    • SHA256

      a71b9f7bd9556e9439e5c14ec3b9bf3bfb4f6c8681054fd969d708035b358312

    • SHA512

      a520541b55f5c78c8db7588ee4535a255f06b9625aa40638ab7b402c37d32a7137132c29c0141a23e9ddf7a2de6487e07199fd093d4151c9ce193eb8d040f81e

    • SSDEEP

      24576:7tb20pkaCqT5TBWgNQ7a787DmJpucN3JjC6A:4Vg5tQ7a787Ir3JO5

    Score
    8/10
    persistencemicrosoftphishing

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks