Overview

overview

8

Static

static

3

406e4debe8...e1.exe

windows7-x64

8

406e4debe8...e1.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    406e4debe8bd51860964ee861a4df8e1

  • Size

    112KB

  • Sample

    231225-2ghzjscff2

  • MD5

    406e4debe8bd51860964ee861a4df8e1

  • SHA1

    e00f2dbe89be82f55b7c364c3bcadeae32adaec3

  • SHA256

    ca83d3794271815b339ff374d04748ca77959dd1ac2b28b29695b375878f8f00

  • SHA512

    f9a9f85b93045a80c9a1d3b84419740e9a14c4731879ab5709bd95f247631570a0791dbe78f565ac388dcddee32150fb58793c207fa6d7b99ecc5facc40cd274

  • SSDEEP

    3072:DVi+GaaeMfzwqkOD/bRKBl5+02g3/okd3:Zi+GaaeMfEqke/bo393

Score
8/10
persistence

Malware Config

Targets

    • Target

      406e4debe8bd51860964ee861a4df8e1

    • Size

      112KB

    • MD5

      406e4debe8bd51860964ee861a4df8e1

    • SHA1

      e00f2dbe89be82f55b7c364c3bcadeae32adaec3

    • SHA256

      ca83d3794271815b339ff374d04748ca77959dd1ac2b28b29695b375878f8f00

    • SHA512

      f9a9f85b93045a80c9a1d3b84419740e9a14c4731879ab5709bd95f247631570a0791dbe78f565ac388dcddee32150fb58793c207fa6d7b99ecc5facc40cd274

    • SSDEEP

      3072:DVi+GaaeMfzwqkOD/bRKBl5+02g3/okd3:Zi+GaaeMfEqke/bo393

    Score
    8/10
    persistence

    • Adds policy Run key to start application

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Modifies WinLogon

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks