General

  • Target: f39ab6cd930df77feb92dcf9b8342834102a32bbfaba639d8cebf7f624589fa5
  • Size: 127KB
  • Sample: 221205-27aqvsad4z
  • MD5: e4a7944bf000133e97f92242da3861e7
  • SHA1: ae31664173c04bff7f5fe17ae5c9481858324a0d
  • SHA256: f39ab6cd930df77feb92dcf9b8342834102a32bbfaba639d8cebf7f624589fa5
  • SHA512: cc4a5d8b37ca9926b754ca388fa78cd0b3e9bfe1efb629ee3fbbfb44d292fb2bf9b886a9c5853f61532cd409299f558d6f40b199e8b985478f836dbdbae81321
  • SSDEEP: 3072:6vgEL7Yo4PkH9sIbkifAC+7s7UvVCTMVUoeeR8i:6vgEPYo4PkM9JvVCwVU9eR8i

Score: 8/10

Malware Config

Targets

    • Target: PHOTO-DEVOCHKA.exe
    • Size: 239KB
    • MD5: ec08e46a6d8f35d42aa0b856575326bb
    • SHA1: 3879ba0c3233cacf5c3d3c1ab1ce4b4ae6353d43
    • SHA256: 51dba153450ba408dda62e4fcf650b62c7bc0cf3695a61bb9e09ff9bba5cd6a5
    • SHA512: c5bcd1981fb73780432bf341c1e02b5de07a4f4183837e76b055ae12a164fdbe88c8d12d50e4f121b28457d6849e8e18427ded41da6716b67748846d544591b8
    • SSDEEP: 3072:JBAp5XhKpN4eOyVTGfhEClj8jTk+0hqIgMKTNRfM+Cgw5CKHK:MbXE9OiTGfhEClq9nlN/JJUK

    Score: 8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6
