General

  • Target

    Easy Binder.7z

  • Size

    2.3MB

  • Sample

    240915-gvcpgazbjr

  • MD5

    20e4b38f306895444b7d8a4928147b10

  • SHA1

    40a443940d1768b65c30a79a652e93dae9588e8b

  • SHA256

    307cd01d0fd9fca694af6c36cb6e0a34863d7f8e347021794ed8d79692a6dd6c

  • SHA512

    fc09f4673eb4670dcf6796fb9a95a91f170e3a37ee6375ca069c337b56aad3967c3b5a278d842a152e8ca923ed1116cb4a66bd3509b796602698cc23b9aff75c

  • SSDEEP

    49152:E+VVZlbOVwgTAUQYbnJ2sUqc+Kk4WTp2BoR7Y2kS:E+VBWTAUQYzbUdkTkoRUu

Targets

    • Target

      Easy Binder/Easy Binder.exe

    • Size

      233KB

    • MD5

      a52847ed575d1c80e963e32f949364ea

    • SHA1

      ea84cac8fb76ce8f75238d0c2b387d73c2786a86

    • SHA256

      d9a0d129acbc97c9c9efae78652110fa0206754f52977ad543b90293262ed527

    • SHA512

      06c73e5347f6b1f3fd38687ecb788f2396fb8f617d3d84066e743dd80519080e43907673355ced54ad5c371c0f8dd718c666ec048060941658217474e06007b3

    • SSDEEP

      3072:S4lX1j/W4ObuqZnyto613VVmn8sNYA6PpV:S6X1jSbu+yS6VdsNYAw

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Target

      Easy Binder/db/Launcher.exe

    • Size

      53KB

    • MD5

      c6d4c881112022eb30725978ecd7c6ec

    • SHA1

      ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

    • SHA256

      0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

    • SHA512

      3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

    • SSDEEP

      768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
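
    As an added detection example (not part of this sandbox report and not the sample's own code): the two Launcher.exe behaviours listed above, PowerShell-driven Defender exclusions and Run-key persistence, both leave telemetry that can be matched offline. The Python below assumes Sysmon-style events rendered as dicts (Event ID 1 process creation carrying a CommandLine, Event ID 13 registry value set carrying a TargetObject); the event records, the drop path under C:\Users\Public\db and the Run value name "Launcher" are constructed for illustration and do not come from the report.

```python
"""Match PowerShell-driven Defender exclusions and Run-key persistence in
Sysmon-style telemetry. Added example; the events below are constructed,
not taken from the sandbox report."""
import base64
import re

# Cmdlets that change Defender configuration; the -Exclusion* parameters are
# exactly what the sandbox signature describes (extensions, paths, processes).
DEFENDER_CMDLET = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
EXCLUSION_PARAM = re.compile(r"-Exclusion(?:Path|Extension|Process)\b", re.IGNORECASE)

# powershell.exe accepts unique prefixes of -EncodedCommand; the payload is
# base64 of the UTF-16LE script text.
ENCODED_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

# Autostart locations behind "Adds Run key to start application". The trailing
# backslash keeps ...\Run\<value> from also matching ...\RunMRU or ...\RunOnceEx.
RUN_KEYS = (
    "\\Microsoft\\Windows\\CurrentVersion\\Run\\",
    "\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\",
)


def expand_encoded(cmdline: str) -> str:
    """Return cmdline with any -EncodedCommand payload decoded and appended,
    so the cmdlet patterns see through the most common PowerShell wrapping."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return cmdline
    try:
        script = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline  # not valid base64/UTF-16: match on the raw line only
    return f"{cmdline} {script}"


def is_defender_exclusion(cmdline: str) -> bool:
    """True when a command line adds or sets a Defender exclusion."""
    text = expand_encoded(cmdline)
    return bool(DEFENDER_CMDLET.search(text) and EXCLUSION_PARAM.search(text))


def is_run_key_write(target_object: str) -> bool:
    """True when a registry value is written under an HKLM/HKU Run or RunOnce key."""
    t = target_object.lower()
    return any(k.lower() in t for k in RUN_KEYS)


def triage(events):
    """Return (EventID, Image, reason) for every event that matches a signature."""
    hits = []
    for ev in events:
        if ev["EventID"] == 1 and is_defender_exclusion(ev.get("CommandLine", "")):
            hits.append((1, ev["Image"], "Defender exclusion via PowerShell"))
        elif ev["EventID"] == 13 and is_run_key_write(ev.get("TargetObject", "")):
            hits.append((13, ev["Image"], "Run key persistence"))
    return hits


PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
# Hypothetical drop path; the report only shows the archive layout "db/Launcher.exe".
LAUNCHER = "C:\\Users\\Public\\db\\Launcher.exe"
ENCODED = base64.b64encode(
    "Set-MpPreference -ExclusionProcess Launcher.exe".encode("utf-16-le")).decode()

# Constructed Sysmon-style events: two exclusion attempts (plain and encoded),
# one Run-key write (value name "Launcher" is made up), and two benign
# look-alikes that must not match.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": PS, "CommandLine":
        'powershell -NoP -W Hidden -Command "Add-MpPreference -ExclusionPath C:\\Users\\Public\\db -ExclusionExtension exe"'},
    {"EventID": 1, "Image": PS, "CommandLine": f"powershell -ep bypass -enc {ENCODED}"},
    {"EventID": 13, "Image": LAUNCHER, "TargetObject":
        "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Launcher"},
    {"EventID": 1, "Image": PS, "CommandLine": "powershell Get-MpPreference"},
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject":
        "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU\\a"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

    Two caveats for anyone adapting this: Sysmon records registry value writes but not reads, so the "Checks computer location settings" behaviour in this report cannot be recovered from Event ID 13 and needs a different source (API tracing or the sandbox itself); and Defender independently logs its own configuration changes in the Microsoft-Windows-Windows Defender/Operational log as Event ID 5007, which gives a second signal for the exclusion signature even when PowerShell logging is off.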

    • Target

      Easy Binder/db/ebdds.exe

    • Size

      2.3MB

    • MD5

      efbc9f49dd2f2e1088cdcec3cf35a41b

    • SHA1

      ecef7f277a50420d08fa7a9e0cbd8f37faef3394

    • SHA256

      cf28de8089bc70759c9d524cbbac2c3d46c4aed10ac57f622086e71032226295

    • SHA512

      9506331e80d4027e6e8c51ff8424ebe45226a63ab11a7bf228a4e1c5ecfe97606f507b47470e5015baba5cef5cae37fd7fd3caac7ea55ceac4894156d10cc665

    • SSDEEP

      12288:mz12SbKaODATgnJcOxnbUhBgIXP9N1PQGD4o1exBSR0heL9KWPqetXNk4E/lypEL:RnJ+DgIXPyK47LSyWXPv6bEDM3bYe

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15