General

  • Target

    8bb53eb13516ca4f2233fc886c439106aa822a9fef7800039306551cf16e6265

  • Size

    552KB

  • Sample

    221129-ggy1jsbb47

  • MD5

    8bd3301fa59de7886be06e1eaf1a9683

  • SHA1

    b856986c168e278fe0c9e26e84eed8458580e77b

  • SHA256

    8bb53eb13516ca4f2233fc886c439106aa822a9fef7800039306551cf16e6265

  • SHA512

    6f9b6560a44d1d30b2814fff914c879aa4b4b83f9c7b26b07cb6d4735225de76f09c744832d53ce7fd149e6c1497d3f1a5a4b4353b5df4f845f3b94cc9118da6

  • SSDEEP

    6144:EollFMHteAzVMxPsByF32tjp3Dsn2whkVSbXrZeoFgctrqSDuH8HnkzSMw+2tc:Eo724xUB7tjVsn2w5byc5Dg8H42tc

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks