General

  • Target

    f2e029eab2140f964ef689c2a1fe7b0c43b3865d508c2411458a7f1f61834380

  • Size

    1.7MB

  • Sample

    240817-h5rrtaxarn

  • MD5

    f0c3859fdb7757b13720eec39fdd931f

  • SHA1

    85a6d9727bddf50a0031f7a6ffdce97a5c6dbdd5

  • SHA256

    f2e029eab2140f964ef689c2a1fe7b0c43b3865d508c2411458a7f1f61834380

  • SHA512

    8f265d6da30348c9fef4e54370638652ade09c63c7de5597390bc6ccd8f5010d510dec416415fcde0e82cb9747f6e7fc3e26450d952bad4a62b02e62a8250e66

  • SSDEEP

    24576:OXdVtTj2i64T+jdxQCfgOFD3WSwd2QtBBw6xxhVxQtmibjOhZaiRu/4oMaop0UNC:mbTChxKCnFnQXBbrtgb/iQvu0UHOa6

Malware Config

Targets

    • Target

      f2e029eab2140f964ef689c2a1fe7b0c43b3865d508c2411458a7f1f61834380

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks