General

  • Target

    2b7761d63ad43b505d1a89607b182500.bin

  • Size

    473KB

  • Sample

    240315-bhcaaaeg79

  • MD5

    2ee5117aa2ab0fcb0c172208564e29a8

  • SHA1

    318077e9005f1ff737443d6b1ed14b07e1d527db

  • SHA256

    08f5f24c8ef6b7c7931798906143ff6eb6859c79c40de90be2bca3ded66c58d0

  • SHA512

    5fafe56bf21731f6c5f0bf2527984bb4ec3d3aa01fda7f7f56d8317f46cc9d9d7dc4a2de530ff0242e86d45d88bcc3951bb3ebf356f1cb83a42f32ca4769cf77

  • SSDEEP

    12288:6YYX7k+UfroMedc82of03m3z5tasMwcs0MMiGQLjUrW:6PooMedj2ekmLNbcs0LyjUrW

Score
10/10

Malware Config

Targets

    • Target

      401b41cc3b16d57c53f26a8a65233e4f3677579ad590f480c5efae55de0fa87b.exe

    • Size

      855KB

    • MD5

      2b7761d63ad43b505d1a89607b182500

    • SHA1

      b758584f3e7c93f3790d4c6c570a373fed19d123

    • SHA256

      401b41cc3b16d57c53f26a8a65233e4f3677579ad590f480c5efae55de0fa87b

    • SHA512

      436b5fabae435238e1d7768447661c8493a72e9cead567bb16cad0d35d967cfc65d16e033705c618a7b812193d87318b2de0dea5d998666ef26bca23d9e4e8a9

    • SSDEEP

      12288:Nk/7EenhzI/6QX4DKy3HdMQKYn/GAq9VhwzV1Xkrmhejsg:eBhzI/604GyHuQVOgLXkrmhw9

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks