General

  • Target

    aa6d0350d8cd6398ffcbc2e47284ec33.bin

  • Size

    106KB

  • Sample

    240220-dq6j7saa4w

  • MD5

    4913131da68398e86e0c289974613642

  • SHA1

    d0504ab671c1b635b1ad95eb14fcfbe3f65cb732

  • SHA256

    f7856feaa244d862220d28c359e0bb785d6c0e32e142a7f72bd5a1f3aa8dd0aa

  • SHA512

    2f58ddc4da61d6941031183346337442acc5f25404f5d3dcda1b8954b8bbfac025bc49641b453b0439c100824e2366a0e54e791a8969f126a9577d3be1b471c3

  • SSDEEP

    3072:rE2oku//sEiLlQvhEJ7rfzUK3p840ZkkAtpXQGC8q:rEiE/sEKah+rfRdkEjU8q

Targets

    • Target

      039fd82bdccd334917eac90b3be910f752e2f152b433771f39bf1744e6298ec3.exe

    • Size

      184KB

    • MD5

      aa6d0350d8cd6398ffcbc2e47284ec33

    • SHA1

      f1833599da5f98e66e906e1b78b48ae7f70a970c

    • SHA256

      039fd82bdccd334917eac90b3be910f752e2f152b433771f39bf1744e6298ec3

    • SHA512

      563fc699a4a8a2d38b5598dc502816d335e1e872e6ef949ed95710fc4acb8b6dc431bdbfb58b81acfb8735f44624eb0d653db78d0287b3456f40f20b170b6906

    • SSDEEP

      3072:oMobR7ezAjLOZvmX185GWp1icKAArDZz4N9GhbkrNEkkB04s:teR7eammYp0yN90QE3

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15