General

  • Target

    32f0399ce12ec4ccf657b7fb012eef42bfa528dfe34d3ed527c372e894a13ff7

  • Size

    460KB

  • Sample

    240319-f2wv9abe7s

  • MD5

    ac923abb88737ffa8710cc85474cc18c

  • SHA1

    6e9e9501273f22363947481f3e98b02759d72cfa

  • SHA256

    32f0399ce12ec4ccf657b7fb012eef42bfa528dfe34d3ed527c372e894a13ff7

  • SHA512

    c5c0a26ae8b0be8a98815684b9c61a0c2c2e9e814421c6317479d5119e63f7645437bd2ef35947d9f48f230c275b824dcc3feeb843b5dd6d93db4e4bbd498602

  • SSDEEP

    6144:EBapC9DUIYmO5Kv5Q7X/l/rYvkW1VxxfnzrV9UAH0ctkPfc92F8+RLpIh9jhl:zpQD+mO5KWy/zrVbt4fcY7R9U9jv

Score
7/10

Targets

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
