General

  • Target

    WebPhotoGalleryArabic.zip

  • Size

    160.4MB

  • Sample

    240319-t9w3wagg65

  • MD5

    d596dfa75c22308c65a412aad0a97db2

  • SHA1

    5364a60505e347ef68397657d3404ff27b5b0ad1

  • SHA256

    b7569d56a8ba896cbed8b5f82b8712d15cdf16a892e77db9af19b3b8833a9e17

  • SHA512

    fc89cf47d8c13530753c3c52ded64b64d7cf71479693d1527e15f0fc7a7f0b95af5b6c5bb61dfad9f6e8bf57621bcd4da2505062c9287110d6d6b7128959d4ad

  • SSDEEP

    3145728:YKScikC1BZfQWAI5J2D2nrdfJKSItV9rL0ux2Yer41wjRJpCoomrAkcOa1hm:v5bWAI5J2D05RnItjL0uxA293c

Score
7/10

Malware Config

Targets

    • Target

      WebPhotoGalleryArabic.exe

    • Size

      167.5MB

    • MD5

      c48de482c0685aafa5c647f4061a802d

    • SHA1

      960e445280d2b5a088822b6cca065f3bddb14281

    • SHA256

      71eb54e617c119a4e57433099651e0fad2df171f7bc6406053b5424f9e260f9c

    • SHA512

      3a030bb052b69c930ca34c89226f3f341e1ef3fcc5b27a37b718b2299c10fae416ae7dcf979fd366d75b673ef7404198cd91484313f999f17cddaa0370d73315

    • SSDEEP

      3145728:VnVTMT5Y6o+irlLEwwHlmNKHccNeueLX58HOVX2oXcXAI84itAOGQISKrN0Ja6hL:zq5QEwwHlmN+Rc1LX5pVX2oU5ZhBOr

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence so the sample only runs in (or avoids) particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
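The six behaviours flagged above are the kind of rule a sandbox evaluates over a process trace. The script below is an added example, not the sandbox's own rule set and not code from the sample: it walks a constructed event trace (registry reads, file writes, process creation, DLL loads, drive root queries, network requests) and reports which of the report's signature names fire. The registry values it keys on (`HKCU\Control Panel\International\Geo\Nation`, `sCountry`, and `EnableLUA` under `Policies\System`) are documented Windows locations, but it is an assumption that the sandbox's rules inspect exactly these; the "blocklisted" process list and every path in the trace are likewise assumed and constructed for illustration.

```python
import ntpath
import re
from typing import Dict, Iterable, List

# Constructed behaviour trace (not taken from the report): one dict per event,
# in roughly the shape a sandbox exports for the sample named above.
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\WebPhotoGalleryArabic.exe"
DROPPED_EXE = r"C:\Users\Admin\AppData\Local\Temp\dropped\helper.exe"   # assumed name
DROPPED_DLL = r"C:\Users\Admin\AppData\Local\Temp\dropped\helper.dll"   # assumed name

SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"type": "reg_read", "image": SAMPLE_EXE,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "reg_read", "image": SAMPLE_EXE,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"},
    {"type": "file_write", "image": SAMPLE_EXE, "path": DROPPED_EXE},
    {"type": "file_write", "image": SAMPLE_EXE, "path": DROPPED_DLL},
    {"type": "proc_create", "image": SAMPLE_EXE, "child": DROPPED_EXE},
    {"type": "dll_load", "image": DROPPED_EXE, "path": DROPPED_DLL},
    {"type": "file_query", "image": DROPPED_EXE, "path": "C:\\"},
    {"type": "file_query", "image": DROPPED_EXE, "path": "D:\\"},
    {"type": "file_query", "image": DROPPED_EXE, "path": "E:\\"},
    {"type": "net_request", "url": "http://example.invalid/check",   # constructed URL
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

# Assumed registry locations a geofence / UAC check would read. Windows stores the
# GeoID under Geo\Nation and the country name under sCountry; EnableLUA controls UAC.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\(Geo\\Nation|sCountry)$", re.I)
UAC_KEY_RE = re.compile(r"\\Policies\\System\\EnableLUA$", re.I)
# Root directory of any drive letter other than C:, e.g. "D:\"
NON_C_ROOT_RE = re.compile(r"^[A-BD-Z]:\\$", re.I)
# Assumed blocklist of living-off-the-land binaries that rarely need to talk
# to the network from a user session.
BLOCKLISTED_BASENAMES = {
    "powershell.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe",
    "certutil.exe", "bitsadmin.exe", "wscript.exe", "cscript.exe",
}


def match_signatures(events: Iterable[Dict[str, str]]) -> List[str]:
    """Return the report's signature names that the event trace triggers, in
    first-seen order. "Dropped" means written by a monitored process earlier in
    the same trace, so ordering of events matters."""
    dropped = set()          # lower-cased paths written during the run
    hits: List[str] = []

    def hit(name: str) -> None:
        if name not in hits:
            hits.append(name)

    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "reg_read":
            if GEO_KEY_RE.search(ev["key"]):
                hit("Checks computer location settings")
            elif UAC_KEY_RE.search(ev["key"]):
                hit("Checks whether UAC is enabled")
        elif kind == "proc_create" and ev["child"].lower() in dropped:
            hit("Executes dropped EXE")
        elif kind == "dll_load" and ev["path"].lower() in dropped:
            hit("Loads dropped DLL")
        elif kind == "file_query" and NON_C_ROOT_RE.match(ev["path"]):
            hit("Enumerates connected drives")
        elif kind == "net_request" and ntpath.basename(ev["image"]).lower() in BLOCKLISTED_BASENAMES:
            hit("Blocklisted process makes network request")
    return hits


if __name__ == "__main__":
    for name in match_signatures(SAMPLE_EVENTS):
        print(name)
```

Two details matter when adapting this to a real trace: the C: root query is deliberately ignored (reading the system drive root is ordinary behaviour, which is why the report qualifies the drive signature as "other than the default C: drive"), and "dropped" is decided per trace, so a process image that was already on disk before the run never counts as a dropped EXE even if the sample launches it.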

MITRE ATT&CK Enterprise v15

Tasks