General

  • Target

    ec6d37cc0b28873108427d20f3d894e5bd79bf6ed6decdabc4e6c85ab7acd48e

  • Size

    312KB

  • Sample

    221129-hcrw4sea35

  • MD5

    68196a7d4e845776bb570f561c01add3

  • SHA1

    46386de9f2bd908da365f6ad4746908eff90bbfe

  • SHA256

    ec6d37cc0b28873108427d20f3d894e5bd79bf6ed6decdabc4e6c85ab7acd48e

  • SHA512

    8a5639a466703daa775249159e0de5baa4df0b8d5506ecd19a8a7058024fe37d40e2bcba7e380f1b3b7b4858f477a574a03ce013a740c6c79113f07a624c0f09

  • SSDEEP

    6144:H4QyDFmyRm0N2A5a5k1OiI5nQartTn16fmui+xVj1+/:YQt0D52k1w7rtT1n+xl1

Score
8/10

Malware Config

Targets

    • Target

      ec6d37cc0b28873108427d20f3d894e5bd79bf6ed6decdabc4e6c85ab7acd48e

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    Query Registry                  2    T1012
    System Information Discovery    3    T1082

Tasks