General

  • Target

    7f0bf23db6496335d9adf01fb50ec091.bin

  • Size

    21KB

  • Sample

    240613-b781jszeje

  • MD5

    4bda81ead10d4231a4c592f74fb7d3b2

  • SHA1

    4df581e3cbbd64b83de2798c40987f0c59e4d76a

  • SHA256

    5a9559f2eec4dbf3a92e611b487dc132c1b776225b9a05d5c9dcbac415e0d8e1

  • SHA512

    dcf22f18f30d8e54c8d0075cea5b5a42edd598d9e5371a90012c34f65b5da0c4fa6753418d57caba56c5e23ffc0b0c887e758f27364acc00c8ec64210320e82a

  • SSDEEP

    384:PojwaHg+HnmtY2v0mBcnamj/zQf+EEjHgiFtErFEmzouqlvhSTii71SZ:PkrH2Y4jchPQyjAiFtAFEEo1vUZ7kZ

Score
10/10

Targets

    • Target

      1f2e39728d627019c482b270eabb614d39100ed910797c6884fc405ae6514412.exe

    • Size

      48KB

    • MD5

      7f0bf23db6496335d9adf01fb50ec091

    • SHA1

      92ba1a47b40306bf5e4027506c7683ab3577fb73

    • SHA256

      1f2e39728d627019c482b270eabb614d39100ed910797c6884fc405ae6514412

    • SHA512

      f62a8b136cec137784692547bb7259e36592dd474c16914683f872ab30f482d8acf6a2064c996515c1c99b3337c15b4d0c85fe971cd599c8e9aa54b5822f40df

    • SSDEEP

      768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67ThPC:Ub1MsHz3JDwhyWr+N95OTga6I

    Score
    8/10
    • Sets DLL path for service in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a Windows Service

    • Drops file in System32 directory
