General

  • Target

    807c19e73004b69fb533d77f11f5ffa952d56507e8f52eedffa83ac83d821a1c

  • Size

    115KB

  • Sample

    221202-3q9djafb44

  • MD5

    3384b3d82ab06a58fbc626775cb0f13c

  • SHA1

    dbb70d9e3b0931e70641ba24257fcacc1892a952

  • SHA256

    807c19e73004b69fb533d77f11f5ffa952d56507e8f52eedffa83ac83d821a1c

  • SHA512

    5ec526c59605d82ed1405189c33d0897495354fa6ebd449e0526f49da594b1b41a790a25b9b099ece6984bb57cd641a8da7c5c602acb036d0ee1d26e2347e6c5

  • SSDEEP

    3072:xqBFJLzgOJJ65a0fe+CUGXQV8HiKxh2pvFg:wPdZifvtGXQV8CyEfg

Score
8/10

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Registers COM server for autorun

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the payload only runs (or refuses to run) in certain regions.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
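The signatures above are what the sandbox emitted; the report does not show the rules behind them or the exact registry keys and paths this sample touched. The following Python is an added example, not the sandbox's own logic, showing how each of the listed behaviours can be recognised from a trace of registry, file, process and network events. The event format, the process names, the CLSID and the file paths are constructed for the example; the registry locations used for the location check (HKCU\Control Panel\International\Geo\Nation, Locale, LocaleName) are the standard per-user country/locale values that GetUserGeoID and friends read, and the COM rule assumes the usual per-user pattern of writing an InprocServer32 value under HKCU\Software\Classes\CLSID.

```python
"""Classify a constructed sandbox-style event trace into the behaviour signatures
listed in the report. Added example; the event format and paths are assumptions."""
import re
from collections import defaultdict

# Constructed sample trace, one event per line: <operation>\t<process>\t<argument>.
# Not taken from the report; the CLSID and file names are placeholders.
SAMPLE_EVENTS = """\
NetRecv\tsample.exe\t4d5a900003000000
RegQueryValue\tsample.exe\tHKCU\\Control Panel\\International\\Geo\\Nation
FileWrite\tsample.exe\tC:\\Windows\\System32\\helper.dll
FileWrite\tsample.exe\tC:\\Users\\Public\\stage2.exe
RegSetValue\tsample.exe\tHKCU\\Software\\Classes\\CLSID\\{11111111-2222-3333-4444-555555555555}\\InprocServer32\\(Default)
LoadImage\tsample.exe\tC:\\Windows\\System32\\helper.dll
CreateProcess\tsample.exe\tC:\\Users\\Public\\stage2.exe
SetThreadContext\tstage2.exe\tsvchost.exe
RegQueryValue\tsample.exe\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
"""

# Per-user country/locale values Windows keeps in the registry (GetUserGeoID reads Geo\Nation).
GEO_RE = re.compile(r"\\Control Panel\\International\\(Geo\\Nation|Locale|LocaleName)$", re.I)
# A CLSID under HKCU\Software\Classes gaining an InprocServer32 value: per-user COM server registration.
COM_RE = re.compile(r"\\Software\\Classes\\CLSID\\\{[0-9a-f-]{36}\}\\InprocServer32", re.I)
SYSTEM32_RE = re.compile(r"^[a-z]:\\Windows\\System32\\", re.I)


def parse_events(text):
    """Split the tab-separated trace into (operation, process, argument) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        op, proc, arg = line.split("\t", 2)
        events.append((op, proc, arg))
    return events


def classify(events):
    """Return {signature name: [evidence, ...]} for the behaviours found in the trace."""
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths written during the run, for "dropped" checks
    for op, proc, arg in events:
        key = arg.lower()
        if op == "NetRecv" and key.startswith("4d5a"):
            # response body begins with the MZ DOS header: a PE file was downloaded
            hits["Downloads MZ/PE file"].append(arg)
        elif op == "RegQueryValue" and GEO_RE.search(arg):
            hits["Checks computer location settings"].append(arg)
        elif op == "RegSetValue" and COM_RE.search(arg):
            hits["Registers COM server for autorun"].append(arg)
        elif op == "FileWrite":
            dropped.add(key)
            if SYSTEM32_RE.match(arg):
                hits["Drops file in System32 directory"].append(arg)
        elif op == "CreateProcess" and key in dropped:
            hits["Executes dropped EXE"].append(arg)
        elif op == "LoadImage" and key in dropped:
            hits["Loads dropped DLL"].append(arg)
        elif op == "SetThreadContext" and proc.lower() != key:
            # rewriting the context of another process's thread is the
            # hollowing/injection pattern, not a debugger or the process itself
            hits["Suspicious use of SetThreadContext"].append(f"{proc} -> {arg}")
    return dict(hits)


if __name__ == "__main__":
    for sig, evidence in classify(parse_events(SAMPLE_EVENTS)).items():
        print(sig)
        for item in evidence:
            print("   ", item)
```

The stateful part matters: "Executes dropped EXE" and "Loads dropped DLL" are only meaningful relative to files the same run wrote, so the classifier keeps the set of written paths and matches later process creation and image loads against it rather than flagging every CreateProcess. The SetThreadContext rule ignores a process operating on its own threads, which is normal for exception handling and fibers; the suspicious case is the one the report flags, a context rewrite on a thread in another process.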
