General

  • Target

    f742827806c3cacd954cf5d2c9c673ccc8acb35fae240a7377aef03189b6db5c

  • Size

    205KB

  • Sample

    221203-z7xjhsah8t

  • MD5

    1a60532f99a506ced2da08d40f62e5f0

  • SHA1

    3b645bd81a28a1ef1eedba1448604de96407515c

  • SHA256

    f742827806c3cacd954cf5d2c9c673ccc8acb35fae240a7377aef03189b6db5c

  • SHA512

    abc2d8fb5edb07bbd7f346481aff495465a4c7db00ac0253e8ea37e3084d807ac1d8de95ee557b6834513479f767d7aa004cf013be44912190d49a94fe41312f

  • SSDEEP

    6144:CkwK8wI9HZ/xaof8MZspHdr1CfCwZMeGQ/AZ:PmFZ/b8MZGHIl/AZ

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Modifies WinLogon

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks