General

  • Target

    d83cac8ac77e88472b7d1a46b4bdc006.bin

  • Size

    20KB

  • Sample

    240613-ctzema1dkh

  • MD5

    b5d1b0d88212ee235c6b471a55d4eac5

  • SHA1

    7d28670294c7b1ef76fda3271819b5d88548e7d9

  • SHA256

    5f2d9f7cb1652a5d50b4b7f2e9a12cbb3260305d6f4ce36fec31977586067695

  • SHA512

    5c3ff53c12c6b92e9feba4b2c5234105bdce463d9059fceec93bf66eddc48cfa94f247b8d0c253b9c8aeb738b70b72651b0a18115e1e7ceea2387fdaa0c2a7e6

  • SSDEEP

    384:jW4TNyy5tKAqO8q76yZvMlsjoi8M8Muc5ggV0s0cjMNJv+DheqSVZgAM+x/v:jW4TY+QAqO77xZNZXqhg+s0cj190Z7M6

Score
10/10

Targets

    • Target

      e1813b54272346a48364e789cb04bad5e292cbf3cc16057dc6435e965b377c0c.exe

    • Size

      48KB

    • MD5

      d83cac8ac77e88472b7d1a46b4bdc006

    • SHA1

      ae5b4606463ca36ae8785bfcbc47cc4dee9b1fb0

    • SHA256

      e1813b54272346a48364e789cb04bad5e292cbf3cc16057dc6435e965b377c0c

    • SHA512

      a1460605dccd2540394f8f3ee8ec0c2e1ffd8ffe42c25f72470089da247ebc7ef1587372847e42bab901dbdf665596dfd658b44ac04ae1d0f2adb8165be2922e

    • SSDEEP

      768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67QhPC:Ub1MsHz3JDwhyWr+N95OTga67

    Score
    8/10

    • Sets DLL path for service in the registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a Windows Service

    • Drops file in System32 directory
