General

  • Target

    eff3e0fad856f7bed3f7ef76e355b75e.bin

  • Size

    21KB

  • Sample

    240616-c436kawdrg

  • MD5

    07d02bec75003767d3f01dc258b46224

  • SHA1

    81207165f0870921d0a383c0c1df520b189e12e6

  • SHA256

    8e9e2450457b27d6dadaabbe13780f2b5f345a051d1346434d60d06cd5295dfa

  • SHA512

    3e8fafbdd9190b360e23390b5596eea84bd3aea2f9fbcb96c79a076725275b0a95b85bc5c5364130c55ce63659a42167d32065042a7019f4f09f1a26d3f6accf

  • SSDEEP

    384:YSoQAhlN5L73044difBlpb+asrkn5WzI0RI6kw1yBZXGQ94M1Y49dA+R:julrv3044o7tsAn5WE0yPw18ZXGREd9R

Score
10/10

Targets

    • Target

      0498fe1b3c0866a85b0b9c653800877da139973d6b60646f99f00e014bbb71e7.exe

    • Size

      48KB

    • MD5

      eff3e0fad856f7bed3f7ef76e355b75e

    • SHA1

      ac9fc470156acc577e6b5e889b6d28bb12e39db8

    • SHA256

      0498fe1b3c0866a85b0b9c653800877da139973d6b60646f99f00e014bbb71e7

    • SHA512

      458ac1d27e70a2fbee1e5c8abb3d1b1fb0c093f57e06d3401a0e45bbc32d619afccbc21ca2d70a694eb173e17f1a46b7a59fdcdfa933618d4f4701e0909bf7b4

    • SSDEEP

      768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67ChPC:Ub1MsHz3JDwhyWr+N95OTga6p

    Score
    8/10
    • Sets DLL path for service in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a Windows Service

    • Drops file in System32 directory
