General

  • Target

    077036d65a90ce3d59cdef9b944ab7e9a719359297abbe7abbea73392f5c6abc

  • Size

    133KB

  • Sample

    221206-c272qshb58

  • MD5

    c5d22b1a92b05b0e38212c69667865d2

  • SHA1

    4c7b7c381542793eb6732c023b4525b5d6cc1c16

  • SHA256

    077036d65a90ce3d59cdef9b944ab7e9a719359297abbe7abbea73392f5c6abc

  • SHA512

    51d5513fad72551a2d5dafb22e4425134f0b8082676ee1b3a34eb68e1114aeb9e945b216d220f066f483c0eb11a5f4712127f19e67ee34363c03245de81b8543

  • SSDEEP

    3072:rnHXMpxcGxFyhQ0bOqYjQM9rQA19lYBs5H8xieQ8TMqrYA0QPSVBs17:zHmGY/o0l9iBGiieQ8TMq8m6Q7

Score
8/10

Malware Config

Targets

    • Target

      PHOTO-DEVOCHKA.exe

    • Size

      239KB

    • MD5

      f4c8c3777072d5b1bcd3ecfb0303c906

    • SHA1

      1bcf98bf3ec6e5170554c8cb9d1a78125e2d7260

    • SHA256

      81c262027f6217ad5a2a84d6388d9e991ffbeace8e4b83fd7857084bfbc5cebb

    • SHA512

      81fea96b17acef5a5d4f9c27e9267dab05ce5965d258496e896abb5c2ec374b621668c597cb4ddba53c66239281bdd384034af277d0bff3ea8b70efe88b7ff75

    • SSDEEP

      6144:pbXE9OiTGfhEClq9Dos9HOgmFBBBBBBBBBNvlYSavJJUq:RU9XiuieWvlYSaP

    Score

    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks