Overview

overview

7

Static

static

3

d98f926f3a...JC.exe

windows7-x64

7

d98f926f3a...JC.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d98f926f3a2ea1308e2d80705591f91b_JC.exe

  • Size

    472KB

  • Sample

    231011-xr3pgsff9t

  • MD5

    d98f926f3a2ea1308e2d80705591f91b

  • SHA1

    badd7d2f741c15d58139a1ebc3ac0f5152f195b1

  • SHA256

    17e75f28d1566e91fc1e91a7782da24b1cf215fb7d5c2dfd746d7d4808049318

  • SHA512

    eac1f64906642702597a2952ab5817ff632d8aa1ebfb7a0dd759e6cff4309764621fd41abb03f703fe28bf564266c5e7d426df053fc8c4a75fc1ee9961a88338

  • SSDEEP

    6144:Wf+Jjjou35J6i5plrzuo6/LkeYvjoIHnv0RX/VwFdLD/7MsrYMC+9GXL9M8sG3dR:hj8u3ui5pl+uBvc/V0FdYxJdRqMt

Score
7/10
persistence

Malware Config

Targets

    • Target

      d98f926f3a2ea1308e2d80705591f91b_JC.exe

    • Size

      472KB

    • MD5

      d98f926f3a2ea1308e2d80705591f91b

    • SHA1

      badd7d2f741c15d58139a1ebc3ac0f5152f195b1

    • SHA256

      17e75f28d1566e91fc1e91a7782da24b1cf215fb7d5c2dfd746d7d4808049318

    • SHA512

      eac1f64906642702597a2952ab5817ff632d8aa1ebfb7a0dd759e6cff4309764621fd41abb03f703fe28bf564266c5e7d426df053fc8c4a75fc1ee9961a88338

    • SSDEEP

      6144:Wf+Jjjou35J6i5plrzuo6/LkeYvjoIHnv0RX/VwFdLD/7MsrYMC+9GXL9M8sG3dR:hj8u3ui5pl+uBvc/V0FdYxJdRqMt

    Score
    7/10
    persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks