General

  • Target

    EMS1277643414202寄出·.exe

  • Size

    284KB

  • Sample

    230102-jzze5sdg28

  • MD5

    a3849ecfdffd3166982f48c5431d9e7a

  • SHA1

    6da56fe67c7854fe6ad0643b52a31b77f7f53e46

  • SHA256

    d69b13f1276594f9f10cf722a15179b0d71911a92d15a726e1bdd234a880cf92

  • SHA512

    127b82ad19255b5d609e77bc7b9cd34d782b19a5d439ebe8153f5cf67ad582320c9e2f576375425f8b0460db349a003fb8500f2b56fb8814e4b066b0e5857d68

  • SSDEEP

    6144:PYa6d1YYmHTbRzumHFbWU1cBcndLY/I2m8fbOysK3Irl/sppO6ehCNlF3eU+Oryk:PYnLmHPRzvFF1s9VbXsME9sp8c30Uhrb

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks