General

  • Target

    27b7778670b7838b3a4d476be2069034

  • Size

    205KB

  • Sample

    231231-etj12sbbe6

  • MD5

    27b7778670b7838b3a4d476be2069034

  • SHA1

    a49f16f25f2acab6382165b48552298dc4ac699b

  • SHA256

    be78d82e0318b0ceb904111058736abd44a150c3b2b4a74a472f18645142b6ca

  • SHA512

    7e89d0be47e6fcb71ca2aa0b513bc532e4785a0070ab79510149017b2f004ecb10fc61e46aa84678ccdaef739665a1d8d2a507f95260ef56a8f2896177119a1f

  • SSDEEP

    3072:WMSncRzAOZKr0b3mML5dxNqOooCoDErB0nyde/xTBLfBOAvlPdv:lSncRlA4bl5dLDEBAyUpfO4R

Score
8/10

Targets

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
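
The behaviours above are sandbox signatures, each fired by a pattern in the sample's API-call trace rather than by a static rule. The Python below is added here as an illustration and is not the sandbox's own signature code or anything recovered from this sample: it runs toy versions of the seven listed behaviours over a constructed trace. The PIDs, file names and service name in TRACE are invented for the example; the registry locations (HKCU\Software\Wine, Control Panel\International\Geo, the CurrentControlSet\Services key) are the standard Windows paths such checks read or write.

```python
"""Toy versions of the seven behaviour signatures listed in this report,
run over a constructed API-call trace. Added for illustration; this is not the
sandbox's own signature code and the trace is not data from the sample."""
import re
from dataclasses import dataclass, field


@dataclass
class Call:
    """One logged API call: the calling process, the API name, and its arguments."""
    pid: int
    api: str
    args: dict = field(default_factory=dict)


# Constructed trace. File names, service name and PIDs are invented; the
# registry locations are the standard ones such checks read or write.
TRACE = [
    Call(1234, "RegOpenKeyExW", {"key": r"HKCU\Software\Wine"}),
    Call(1234, "RegQueryValueExW",
         {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    Call(1234, "NtCreateFile",
         {"path": r"C:\Windows\System32\svchelper.exe", "access": "GENERIC_WRITE"}),
    Call(1234, "NtCreateFile",
         {"path": r"C:\Windows\System32\svchelper.dll", "access": "GENERIC_WRITE"}),
    Call(1234, "RegSetValueExW",
         {"key": r"HKLM\SYSTEM\CurrentControlSet\Services\SvcHelper",
          "value": "ImagePath", "data": r"C:\Windows\System32\svchelper.exe"}),
    Call(1234, "LoadLibraryW", {"path": r"C:\Windows\System32\svchelper.dll"}),
    Call(1234, "CreateProcessW",
         {"path": r"C:\Windows\System32\svchelper.exe", "flags": "CREATE_SUSPENDED"}),
    Call(1234, "WriteProcessMemory", {"target_pid": 1300}),
    Call(1234, "SetThreadContext", {"target_pid": 1300}),
    Call(1234, "ResumeThread", {"target_pid": 1300}),
]

# The seven behaviours the report lists for this sample.
REPORTED = frozenset({
    "Sets service image path in registry",
    "Checks computer location settings",
    "Executes dropped EXE",
    "Identifies Wine through registry keys",
    "Loads dropped DLL",
    "Drops file in System32 directory",
    "Suspicious use of SetThreadContext",
})

SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def run_signatures(trace):
    """Return the set of behaviour names triggered by the trace.

    Stateful signatures (dropped-then-executed, written-then-SetThreadContext)
    keep state across calls so an unrelated SetThreadContext on its own is
    not flagged."""
    hits = set()
    dropped = set()        # lower-cased paths the trace opened for writing
    wrote_remote = set()   # PIDs whose memory the caller has written into
    for c in trace:
        key = c.args.get("key", "").lower()
        path = c.args.get("path", "")
        if c.api.startswith(("RegOpenKey", "RegQueryValue")):
            if r"\software\wine" in key:
                hits.add("Identifies Wine through registry keys")
            if r"control panel\international\geo" in key:
                hits.add("Checks computer location settings")
        if (c.api.startswith("RegSetValue")
                and r"\currentcontrolset\services" in key
                and c.args.get("value", "").lower() == "imagepath"):
            hits.add("Sets service image path in registry")
        if c.api in ("NtCreateFile", "CreateFileW") and "WRITE" in c.args.get("access", ""):
            dropped.add(path.lower())
            if SYSTEM32.match(path):
                hits.add("Drops file in System32 directory")
        if c.api == "CreateProcessW" and path.lower() in dropped:
            hits.add("Executes dropped EXE")
        if c.api == "LoadLibraryW" and path.lower() in dropped:
            hits.add("Loads dropped DLL")
        if c.api == "WriteProcessMemory":
            wrote_remote.add(c.args["target_pid"])
        if c.api == "SetThreadContext" and c.args.get("target_pid") in wrote_remote:
            hits.add("Suspicious use of SetThreadContext")
    return hits


if __name__ == "__main__":
    hits = run_signatures(TRACE)
    for name in sorted(hits):
        print("[+]", name)
    print("matches report:", hits == REPORTED)
```

The two stateful rules are the ones worth copying when writing your own detections: "Executes dropped EXE" only fires for a path the same trace created for writing, and "Suspicious use of SetThreadContext" only fires after a WriteProcessMemory into the same target, which is the write-then-redirect-thread sequence that distinguishes process hollowing from a debugger or legitimate thread setup.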

MITRE ATT&CK Enterprise v15