General

  • Target: bart.exe
  • Size: 776KB
  • Sample: 230314-mlr1pagh5v
  • MD5: 6a39f57725bccd075545b72a5205f6ce
  • SHA1: 2e2d88fe68bca68136996441afa1065a423007b1
  • SHA256: 02aeec3b3700be483dbe07a20959c39e57b9281680aad00a7683a130bf3a01a2
  • SHA512: 7d41a384cfb789b133371fb140c9ea1602119f0e4ad012fa7e0f225052ce56e29b05b14f55d829c69c4e632cc0e869e7b27e22dcc48d63f5d7ad38279fb06ed8
  • SSDEEP: 12288:db30Nt8NiLXRb4qJ5QIfDCw4v9QJglmIUeTs0k0XA3ncLHH:db30NWirw50c7H

Score: 8/10

Malware Config

Targets

    • Target: bart.exe

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks