General

  • Target

    436f85fb7fe10120c788d66737534c85

  • Size

    89KB

  • Sample

    231225-3jkftsaaa5

  • MD5

    436f85fb7fe10120c788d66737534c85

  • SHA1

    8ffde676dc587b66ea48a411f4dacf2c4a483fbe

  • SHA256

    9972341bedf9fffbb9b1e425db1902360dc1a31ec36ea34719d0ada9f63c3e6d

  • SHA512

    4ba65ecaa638f0d009ebab67de8e5864f09e7d479748e141a1488ca6a62c4ea6a12cb0ad783fac246ba7f7c5235e444129611490c39938178ed48aeefccc8387

  • SSDEEP

    1536:tvg1WKQmK74VzprUxe7kvLSPkIJNE9sq0Qs07tes/nqgxk5B3JxHKJISOuXsdQ5D:tvgEL7Yo4PkH9sIb8s/q6g3COHJ9bCMS

  • Score

    8/10

Malware Config

Targets

    • Target

      PHOTO-DEVOCHKA.exe

    • Size

      180KB

    • MD5

      b5bfc25ec5d0d2576975e6df14cee8f2

    • SHA1

      ff48876248f0f0ff668aa7d67e2243bd9a3fd465

    • SHA256

      e39b4d47bafb657aa37f821378b6140e21643173551f0c01adf8dbf4a3f0d748

    • SHA512

      aaaafcad061f3ce56aeb0a636fb375dbb8eda5d34e4ce743037ff90ec00b3cd972bbf671881f0a3fb3ab9a03f0782944454f78eed2cf33c72aff2e758e52ce6f

    • SSDEEP

      3072:fBAp5XhKpN4eOyVTGfhEClj8jTk+0hD+V64pfPFxI:ibXE9OiTGfhEClq9VzfPFa

    • Score

      8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Enterprise v15

Tasks