Overview

overview

10

Static

static

3

64f39b858c...1b.exe

windows7-x64

10

64f39b858c...1b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    64f39b858c1d784df1ca8eb895ac7eaf47bf39acf008ed4ae27a796ac90f841b

  • Size

    313KB

  • Sample

    240410-nndrhshc2t

  • MD5

    e26a66bfe0da89405e25a66baad95b05

  • SHA1

    4eb5c832ce940739d6c0eb1b4fc7a78def1dd15e

  • SHA256

    64f39b858c1d784df1ca8eb895ac7eaf47bf39acf008ed4ae27a796ac90f841b

  • SHA512

    2b24ae439a012e0dd8c0cf2669909d9e4b3ffa937dd856dd149db72ca231d749d63e7e960d41e57649b72b17f35f8b030d34f12e33aef6d4451e000ea4a2eb78

  • SSDEEP

    6144:DDKW1Lgbdl0TBBvjc/h6iNYKfER27VcHmb7epjV5khYVyewqF:Xh1Lk70Tnvjc5zfEcapjVBNF

Score
10/10
drokbkbackdoordropperpersistence

Malware Config

Targets

    • Target

      64f39b858c1d784df1ca8eb895ac7eaf47bf39acf008ed4ae27a796ac90f841b

    • Size

      313KB

    • MD5

      e26a66bfe0da89405e25a66baad95b05

    • SHA1

      4eb5c832ce940739d6c0eb1b4fc7a78def1dd15e

    • SHA256

      64f39b858c1d784df1ca8eb895ac7eaf47bf39acf008ed4ae27a796ac90f841b

    • SHA512

      2b24ae439a012e0dd8c0cf2669909d9e4b3ffa937dd856dd149db72ca231d749d63e7e960d41e57649b72b17f35f8b030d34f12e33aef6d4451e000ea4a2eb78

    • SSDEEP

      6144:DDKW1Lgbdl0TBBvjc/h6iNYKfER27VcHmb7epjV5khYVyewqF:Xh1Lk70Tnvjc5zfEcapjVBNF

    Score
    10/10
    drokbkbackdoordropperpersistence

    • Drokbk

      Drokbk is a custom .NET dropper and backdoor.

      dropperbackdoordrokbk

    • Drokbk payload

    • Creates new service(s)

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks