General

  • Target

    791fb05217c6ebe818ec4a5d3d00f2c0N.exe

  • Size

    110KB

  • Sample

    240727-bpnlwsxeml

  • MD5

    791fb05217c6ebe818ec4a5d3d00f2c0

  • SHA1

    3bc0f72e641b0e3c78e44eaa4530231ff10c0629

  • SHA256

    4bb19996a12b0016f828ddff1f65d1024ba4d1316151e7ae0da0453484dc8d1e

  • SHA512

    9582184be789fbd12d24dbc0212261d9e419cf1fcdf9f4ba3baf615ae80678d4fb76e9ad24a354d10358930b0906fb616d90af2abb2015ec9fabdbf3ba9229ac

  • SSDEEP

    3072:O+fD+u6ERascLnzx3u6xCnO3Zh5l6yw7RsH5eZV:O+/6IaVVs2z6PZV

Targets

    • Target

      791fb05217c6ebe818ec4a5d3d00f2c0N.exe

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
