General

  • Target

    efd8dcf153b65b9c2535db98472b6752428035a0bd91dbf6932f3b66e82b6be0

  • Size

    771KB

  • Sample

    231013-pt2k7sbe66

  • MD5

    4dbfc41f1ca6c89e31744b6ba26ad1d5

  • SHA1

    b3bed92326a7e2fc230ff0f60582168d991e4474

  • SHA256

    efd8dcf153b65b9c2535db98472b6752428035a0bd91dbf6932f3b66e82b6be0

  • SHA512

    c436731750af6c84d81a4d914eb9ac9a252d1cc5d8f12c8800a36b37123ea6174a4fcb25a39fb4857efbacf92c76eb6fa5781dcde043fb7eb2c7a136fccd76f7

  • SSDEEP

    12288:U761vvrXBDZZmDmSh7SHSjX4z4ZV4kzI6OcGfAkx4tOF6j+Z:U7qvrXo7ZNX4z4YbcGfAkx4tNE

Score
8/10

Malware Config

Targets

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks