General

  • Target: 12510886036.zip
  • Size: 4.5MB
  • Sample: 231028-ygf86sgf35
  • MD5: d9d4f8274d930c99ce825b4886825f88
  • SHA1: 4831add66db5098187731f763c5025ae93562afb
  • SHA256: 90a59fd1bb3c67c2d6215be6cc2d99de1831d1d06343b913afec2b62116b7172
  • SHA512: aaaa61fae2ab4b234811d198445d13a4232d89e9c77d76eabeef5d8f61cd6735b93fd2799d45034abe5260e2885a10994b263c5382150146dcd3f1dfa45b8b66
  • SSDEEP: 98304:XowzyHHad7Wql4nh74tSx6v9dOKgu5Zm/UtKo:XowI8CqGh74tSS9dOKgU7tx

Score: 8/10

Malware Config

Targets

    • Target: 85d1d1ca4d5881d9b98928c2006fb0eec9655e2705fe74088e6f974a19703f0f
    • Size: 4.6MB
    • MD5: 72cb7c6d98e9e47274733825c9176679
    • SHA1: 8681469349254c5203a7f9a189833d22a14f5cd9
    • SHA256: 85d1d1ca4d5881d9b98928c2006fb0eec9655e2705fe74088e6f974a19703f0f
    • SHA512: d18d306ca9a311df1a96244ecc67a3e61ffc8b9b465a1301263e11d500cc2f38847e922c57d4a3321196d6ceb32310113d7d790b4dfb2c05c3ff1e2af26dc708
    • SSDEEP: 98304:zUaMwIBAoUcmmxVA5/xDnLx0yu+5TeRXExXYAx:Ia+AobhATd0yH0RXUo2

    Score: 8/10

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks