General

  • Target

    MainDab.exe

  • Size

    3.4MB

  • Sample

    240607-j3jtvsec38

  • MD5

    61c8fbae47137392a395793c6389a7c3

  • SHA1

    a5830825fdf83ebc0c3c71efa08f930ef28c1bac

  • SHA256

    4e5eecfa5d74032e0e84be4735741c3c1487419de546904b1812bbbcdbe40d3d

  • SHA512

    62205d56d2b8672663a903273f1e11af1e4d8c53a8511247d23d7669de7724a7a5e1d12a182f48e829608ed333f395f185a82758e1ddafb5b9a695b86a7c13e1

  • SSDEEP

    49152:TbOtb7mvXnLg3yLA4rWpDoRvbLuzs2J3Y2pDSmalRS88cnR5MtAxToDF0BtSLR:WlsXnLmyLA1QvYs2Jo2oLAWoB0BK

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks