General

  • Target: 72c8edc7c6bf02478b096231fe2b7f273dd9e68045556b9d7b4a0c71722c7476
  • Size: 632KB
  • Sample: 240411-l7m37acd8t
  • MD5: fd39d5c609501c6d66411a1d94735868
  • SHA1: ba1eb7b73e54378cffe1ef453f62051963e15e04
  • SHA256: 72c8edc7c6bf02478b096231fe2b7f273dd9e68045556b9d7b4a0c71722c7476
  • SHA512: 3400f71f8e76a08037b32a2cefcf3893a07c829fdefbe11c96e5c20e59073ae154c3b37832faa072bd3ee8a91a742611c6c12f6b7322d72b7ae121d3770b03bb
  • SSDEEP: 12288:q/iSuokQiMXBLfzYjnlJE1xl444clzKbtDf4TclbwO0dJYPjfWrhrn:q/iUbVKnHEva4plzKxT4TclEO0yjM7

Score
8/10

Malware Config

Targets

    • Downloads MZ/PE file
    • Sets file execution options in registry
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • Blocklisted process makes network request
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks