General

  • Target: BANDIZIP-SETUP-STD-X64.EXE

  • Size: 6.8MB

  • Sample: 230111-2ch4raee84

  • MD5: 7793ef9c18f44a5962cc877e7efa110c

  • SHA1: e3b05cd6c0477fa98e9d14221123c9e09fa5916f

  • SHA256: 58ac6c40593f0e7104ce838ef9163d743a5339166986ee4c3839224b25bddd26

  • SHA512: b12a34ebda99691add598d0822b9c0ab3bdbad0b6c03d8af14e8799aadc8285a91654e46a087b10289dc86c8eaed86bd4e2d930d86c9aa0ba85010cb852862c2

  • SSDEEP: 196608:qr31OOcCprk5soeEjBAd7YyLQ0B4boBflQl7QiEQf1R:Q5Ujy7YyssKotlQl7dEQf1R

Malware Config

Targets

    • Executes dropped EXE

    • Registers COM server for autorun

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks