Overview

overview

8

Static

static

3

01787699.exe

windows7-x64

3

01787699.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    01787699.exe

  • Size

    1.7MB

  • Sample

    230611-nfrcmsha47

  • MD5

    067bead66e6f478fcbef8ec81ebdbf48

  • SHA1

    2f74c052929f09c1c7d64c5bb8baa758f95eb68e

  • SHA256

    e1ec3c819259fbc1e651a9cf6503aa707d6017e499a1f44297515a180a6e9a12

  • SHA512

    ed10eff39addb9a2972d68d6278b94c855f4693c752dd1232668df8c9c669af36e594a893ee08ab654167091d64c3d5849a6b148639eee93fc73a7204db83f0e

  • SSDEEP

    1536:E7f9h0UPJP/CpICdikMLMLv5PFNg1qrX+VIOlnToIfegIxRvEGm:6liUPXC8k1nJrX+fNTBfu

Score
8/10

Malware Config

Targets

    • Target

      01787699.exe

    • Size

      1.7MB

    • MD5

      067bead66e6f478fcbef8ec81ebdbf48

    • SHA1

      2f74c052929f09c1c7d64c5bb8baa758f95eb68e

    • SHA256

      e1ec3c819259fbc1e651a9cf6503aa707d6017e499a1f44297515a180a6e9a12

    • SHA512

      ed10eff39addb9a2972d68d6278b94c855f4693c752dd1232668df8c9c669af36e594a893ee08ab654167091d64c3d5849a6b148639eee93fc73a7204db83f0e

    • SSDEEP

      1536:E7f9h0UPJP/CpICdikMLMLv5PFNg1qrX+VIOlnToIfegIxRvEGm:6liUPXC8k1nJrX+fNTBfu

    Score
    8/10

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks