General

  • Target: 9d530cc8974ed7746a8e3c8e162937310cb62a91ca4ef98343cc1e543f5a677f
  • Size: 1.3MB
  • Sample: 221127-rzfa9shh6z
  • MD5: c8ab04cffb18bbdcd489500f187a4cbf
  • SHA1: 27348d2e6ab76e3dcfa01d3150eec21fc45f1eed
  • SHA256: 9d530cc8974ed7746a8e3c8e162937310cb62a91ca4ef98343cc1e543f5a677f
  • SHA512: f1cb6748096b3829e4080de00add140f141527d0024ca92f4a110edbdef10a49d4617f79641ec60a7ac11d59daecab88336a00c9db65f8b1a786cba0e4c6d271
  • SSDEEP: 24576:2tb20pkaCqT5TBWgNQ7akhXvmaRtgGJsCaqjq8HtkR6A:jVg5tQ7akh/mRCaqjq8HtA5

Score: 8/10

Malware Config

Targets

    • Target: 9d530cc8974ed7746a8e3c8e162937310cb62a91ca4ef98343cc1e543f5a677f
    • Size: 1.3MB
    • MD5: c8ab04cffb18bbdcd489500f187a4cbf
    • SHA1: 27348d2e6ab76e3dcfa01d3150eec21fc45f1eed
    • SHA256: 9d530cc8974ed7746a8e3c8e162937310cb62a91ca4ef98343cc1e543f5a677f
    • SHA512: f1cb6748096b3829e4080de00add140f141527d0024ca92f4a110edbdef10a49d4617f79641ec60a7ac11d59daecab88336a00c9db65f8b1a786cba0e4c6d271
    • SSDEEP: 24576:2tb20pkaCqT5TBWgNQ7akhXvmaRtgGJsCaqjq8HtkR6A:jVg5tQ7akh/mRCaqjq8HtA5

    Score: 8/10

    • Executes dropped EXE
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Loads dropped DLL
    • Adds Run key to start application
    • AutoIT Executable
      AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks