Overview

overview

7

Static

static

1

winrar-x64-621es.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    winrar-x64-621es.exe

  • Size

    3.5MB

  • Sample

    230311-y3q1habb59

  • MD5

    db5aea690500b898cb30e1b149e3bcb2

  • SHA1

    2de5f136a7b94124e2b15a9c9185637bea503da4

  • SHA256

    89b5ec3e64b8c276195a14e762439b78594a267082e6875f70c873ef6836be88

  • SHA512

    627e0cb9da2839abfadecddda1ed10c52a2b56140a338750549d8163d0f7596b2bae8f83336c05446f20333d593179f81efc6ac18a31699aa85e898381d14122

  • SSDEEP

    98304:QXBOBfKPMXjTKf8zCgs1aArGgaZ+0Vkvis1:QX/PwifXaArMFois1

Score
7/10
discoverypersistence

Malware Config

Targets

    • Target

      winrar-x64-621es.exe

    • Size

      3.5MB

    • MD5

      db5aea690500b898cb30e1b149e3bcb2

    • SHA1

      2de5f136a7b94124e2b15a9c9185637bea503da4

    • SHA256

      89b5ec3e64b8c276195a14e762439b78594a267082e6875f70c873ef6836be88

    • SHA512

      627e0cb9da2839abfadecddda1ed10c52a2b56140a338750549d8163d0f7596b2bae8f83336c05446f20333d593179f81efc6ac18a31699aa85e898381d14122

    • SSDEEP

      98304:QXBOBfKPMXjTKf8zCgs1aArGgaZ+0Vkvis1:QX/PwifXaArMFois1

    Score
    7/10
    discoverypersistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Modifies system executable filetype association

      persistence

    • Registers COM server for autorun

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks