General

  • Target

    W8K2qWdNXyT1uuwzcUpG.exe

  • Size

    150KB

  • Sample

    230312-sjp17sec44

  • MD5

    e52b5c62726fa01689461fa3097df456

  • SHA1

    9c3d13633a9562ebae52907505d2587dd5384fdf

  • SHA256

    28f885f0c5b0e0c469b26b248d41be0ff7510d33cb168d97f3abde8f1091ece1

  • SHA512

    778d51c07dd0831f2b5fda28ae1ea845352327274aa6daf6e99ed6642c8310fb253cd6226084118122f98e415b96fc4c4904f803e9dce0e4fb2cd356e2c1d395

  • SSDEEP

    3072:UV5vXK03SoTf0UMKQut7ToU7cZ/V05YOgjnLXuAdaVj0fxv3uT+Pi585L+0uB/mB:fXuN0fxD650+5

Score
7/10

Targets

    • Target

      W8K2qWdNXyT1uuwzcUpG.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
