General

  • Target

    1.exe

  • Size

    20KB

  • Sample

    221203-jdhv9sfc23

  • MD5

    a9a5fd9e81bf95ef0ca75219b25a4fa5

  • SHA1

    1082bdf4db2758cf949908f231c6cdf7ebf43064

  • SHA256

    38d75e5659fd0bd1bdef9676cf80ce5331b759bec33c7e5a4c55db73ef2c8d80

  • SHA512

    228b614a37a75bb3d51d5919129cf0f4c53cd15428c09f25b7727f4da308ca1b8da5aa0af4f36656c1ead8f0e7f524bb7776cc77ad99cb3976b7595e6a61cfcb

  • SSDEEP

    192:zMa+OUrPLUVJnMbXX3mgUoyn9tU+Xh+sH:zdlUXPXG17lp

Score
8/10

Malware Config

Targets

    Score
    8/10

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks