General

  • Target

    92aa36213b208ea7f1a4328e300592f32aa3ee49b58107be756930486040891a

  • Size

    816KB

  • Sample

    221205-pjzzmahg59

  • MD5

    8d15cba27bb6751692976a985da607c0

  • SHA1

    31dac344f590bbb0291e4fd650556915e38bb92d

  • SHA256

    92aa36213b208ea7f1a4328e300592f32aa3ee49b58107be756930486040891a

  • SHA512

    a6f0b9f3cd846f65fcd2bea9adfc70a4962b0e734b8d24bb100dcb45d67eea584a04ecfd2f9e2e4c28dc2ba22045b7be1e698593b6bcbf08ddb50dee419c1dfc

  • SSDEEP

    12288:4jCNHpjWI/kx+2QY8+yAaOZQelv8oWaFHcqgDon45EV:4GHc4/aZQcWalcqRn4q

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks