General

  • Target

    5c1d8186072a67dbf2f13eecf74161d46e2f0ab51766c83985f0f003e8b44fa0.7z

  • Size

    466.2MB

  • Sample

    230417-k5yw8sdf38

  • MD5

    57a9e6a681c2dd1203d275e944a6f714

  • SHA1

    e6ef01940f1e3ca0ba6d20e667ca3511953e9f0f

  • SHA256

    5c1d8186072a67dbf2f13eecf74161d46e2f0ab51766c83985f0f003e8b44fa0

  • SHA512

    85776c9787f9df4f6485105af3a7af2e5b95aa83348c1b8e9bcb619ee731b9f8e2b671f7b078d6cc6d4a002af5eda776fda25347c0f89f05801a2d120cb2303a

  • SSDEEP

    12582912:0QfF7orKXWT5bRaB8tFlP5JLRaTdDNSlVQdYqYX0:BfF8rKXO5TFnhRodDGzpX0

Score
10/10

Malware Config

Targets

    • Target

      coreldraw_graphics_suite_2020v22.0.0.412/CorelDRAW 2020 Portable.exe

    • Size

      1230.3MB

    • MD5

      d20fe6aedcdde559c0bb9ee47434bf2e

    • SHA1

      38c6f84934a4b5aeb658475babdd0d8e2389ff67

    • SHA256

      4eea1a4d3c8a4c846a5010bacdc85cfc1ddac4030b58d4c0190cc91e6537e1c0

    • SHA512

      63f4e82043352c9af3efd8e987ad6b7583f5fb38263a0d0042b98620ad18e7275f01fe97997923e1bc6f4c91f5aec0dfa652230bb2a183f3f5b184d9f59a5f8c

    • SSDEEP

      12582912:8Ltn0JtwBuJYqN49D8O0u7eWOEUGdj1C+EpH41PH:m0J6gJrN49D8QeWOLGdpZdP

    Score
    7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    1. Modify Registry (T1112)

  • Discovery

    2. Query Registry (T1012)

    3. System Information Discovery (T1082)

Tasks