General

  • Target

    tmp

  • Size

    69.8MB

  • Sample

    240415-tkszxscg4z

  • MD5

    dabe0e2b2f4e649d2fd3b6f6a70598ae

  • SHA1

    d9063f4b80865ab39dff5bb6fa6563093ec755fe

  • SHA256

    ec5c3420cfb120442b655cefbeba07d4dd5da3a4c3528d0584a45bb342a1e882

  • SHA512

    3dbbae4d36b8001583e60880bec0ca53383bfa5758f79b82560c2af098866128ce74aaee7a1fc5bc62de60ccfe00d8434a97d36186f9ae53875cfb3e44933b55

  • SSDEEP

    1572864:4EElPoG/DteDYfOD4qDGAvn7Bo7MyDT+dEHUQvshLBs51o076JkDCJ:4FPoG/BemORB1ydGE0Q0BO5q07s
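The hashes above identify the analysed file. Before relying on a sandbox report for a sample you hold locally, confirm that your copy is the same bytes. The following script is an added example, not part of the sandbox report or its tooling: it streams a file once through all four digests the report lists and compares each against the report's values. The 69.8 MB sample is not embedded here, so when run without a path it hashes a constructed stand-in string, which is expected to mismatch.

```python
"""Verify a local copy of the sample against the report's hashes.

Added example; not part of the sandbox report. The hash values below are
copied from the General section. The 69.8 MB sample is not embedded; when
run without a path the demo hashes a constructed byte string instead.
"""
import hashlib
import sys
from typing import Dict, Iterable

# Digests copied from the report's General section (lowercase hex).
REPORT_HASHES = {
    "md5": "dabe0e2b2f4e649d2fd3b6f6a70598ae",
    "sha1": "d9063f4b80865ab39dff5bb6fa6563093ec755fe",
    "sha256": "ec5c3420cfb120442b655cefbeba07d4dd5da3a4c3528d0584a45bb342a1e882",
    "sha512": "3dbbae4d36b8001583e60880bec0ca53383bfa5758f79b82560c2af098866128"
              "ce74aaee7a1fc5bc62de60ccfe00d8434a97d36186f9ae53875cfb3e44933b55",
}


def hash_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in 1 MiB chunks so a large sample is never read whole."""
    with open(path, "rb") as fh:
        return hash_stream(iter(lambda: fh.read(chunk_size), b""))


def compare(actual: Dict[str, str],
            expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Return per-algorithm match flags; case of the hex is ignored."""
    return {name: actual.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def verify_bytes(data: bytes) -> Dict[str, bool]:
    """Convenience wrapper for in-memory data."""
    return compare(hash_stream([data]))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        result = compare(hash_file(sys.argv[1]))
    else:
        # Constructed stand-in; the real sample is not shipped with this script.
        result = verify_bytes(b"not the real sample\n")
    for name, ok in result.items():
        print(f"{name:7} {'MATCH' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

A single mismatching digest is enough to reject the file; all four are checked so that a report listing only one algorithm can still be cross-checked later, and the non-zero exit status makes the script usable in a triage pipeline.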

Malware Config

Targets

    • Target

      tmp

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates entries under the registry Uninstall key to list the software installed on the system.

    • Legitimate hosting services abused for malware hosting/C2
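Three of the signatures above (location check, Run-key persistence, installed-software enumeration) are registry behaviours that an analyst can reproduce from a Process Monitor trace of the same sample. The following is an added example, not the sandbox's own detection logic: it reads a Procmon CSV export (the column names Procmon writes by default), maps registry operations to the report's signature names, and groups hits per process. The log lines embedded below are constructed for the demo and are not from the analysed run; the process name `tmp.exe` and PIDs are assumptions.

```python
"""Map Procmon registry events to the report's behaviour signatures.

Added example, not the sandbox's detection logic. Reads a Process Monitor
CSV export and groups hits per process. SAMPLE_LOG is constructed for the
demo; process names and PIDs in it are assumptions, not report data.
"""
import csv
import io
from collections import defaultdict
from typing import Dict, List, Optional

# Key fragments matched case-insensitively inside Procmon's Path column.
RUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",      # also matches RunOnce
)
UNINSTALL_KEYS = (
    r"\software\microsoft\windows\currentversion\uninstall",
    r"\software\wow6432node\microsoft\windows\currentversion\uninstall",
)
# Per-user locale (HKCU\Control Panel\International) and system NLS locale.
LOCALE_KEYS = (
    r"\control panel\international",
    r"\system\currentcontrolset\control\nls\locale",
)

SIG_RUN = "Adds Run key to start application"
SIG_SOFTWARE = "Checks installed software on the system"
SIG_LOCATION = "Checks computer location settings"


def classify(operation: str, path: str) -> Optional[str]:
    """Return the report signature an operation/path pair corresponds to."""
    p = path.lower()
    if operation == "RegSetValue" and any(k in p for k in RUN_KEYS):
        return SIG_RUN
    if operation in ("RegOpenKey", "RegEnumKey", "RegQueryValue") and \
            any(k in p for k in UNINSTALL_KEYS):
        return SIG_SOFTWARE
    if operation == "RegQueryValue" and any(k in p for k in LOCALE_KEYS):
        return SIG_LOCATION
    return None


def triage(procmon_csv: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {"process:pid": {signature: [paths]}} for matching rows.

    A Run-key write only counts if it succeeded; a failed attempt is still
    worth a look but is not persistence. Reads and enumerations are reported
    regardless of result because the attempt itself is the behaviour.
    """
    findings: Dict[str, Dict[str, List[str]]] = defaultdict(lambda: defaultdict(list))
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        sig = classify(row["Operation"], row["Path"])
        if sig is None:
            continue
        if sig == SIG_RUN and row["Result"] != "SUCCESS":
            continue
        findings[f'{row["Process Name"]}:{row["PID"]}'][sig].append(row["Path"])
    return {proc: dict(sigs) for proc, sigs in findings.items()}


# Constructed Procmon CSV export for the demo (not from the analysed run).
SAMPLE_LOG = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","tmp.exe","4120","RegQueryValue","HKCU\\Control Panel\\International\\sCountry","SUCCESS","Type: REG_SZ, Length: 28, Data: United States"
"10:01:02.2","tmp.exe","4120","RegOpenKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall","SUCCESS","Desired Access: Enumerate Sub Keys"
"10:01:02.3","tmp.exe","4120","RegEnumKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"10:01:03.0","tmp.exe","4120","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater","SUCCESS","Type: REG_SZ, Length: 60, Data: C:\\Users\\user\\AppData\\Roaming\\svc\\update.exe"
"10:01:03.1","explorer.exe","1532","RegQueryValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:01:03.2","tmp.exe","4120","RegSetValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater","ACCESS DENIED",""
"""

if __name__ == "__main__":
    for proc, sigs in triage(SAMPLE_LOG).items():
        print(proc)
        for sig, paths in sigs.items():
            print(f"  {sig}: {len(paths)} event(s)")
            for path in paths:
                print(f"    {path}")
```

The matching is deliberately narrow: only `RegSetValue` under a Run key counts as persistence, so a legitimate process merely reading its own Run entry does not fire, and the unrelated `explorer.exe` read is ignored. The HKLM Run write with `ACCESS DENIED` is dropped, which is the usual pattern for a sample running without elevation that falls back to HKCU.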

MITRE ATT&CK Enterprise v15

Tasks