General

  • Target

    ef12e5bf42d3d30cca025fd55aa567fc4b64befdb8a0a2f74ecb84d8ebd4a50f

  • Size

    81KB

  • Sample

    240919-drkzwsxhna

  • MD5

    cef506bf2ab673530d99bbc5fef8c468

  • SHA1

    060e78ab9b77608476959b34f6ab1a258546cc57

  • SHA256

    ef12e5bf42d3d30cca025fd55aa567fc4b64befdb8a0a2f74ecb84d8ebd4a50f

  • SHA512

    d812d0f759607c38ee8163922005ad9627c609c72457b3ef1c905015cbf3cdd15e863b2499a37c76195639a6feb4144c425fa8712a54ff0c0b65531b3928dd94

  • SSDEEP

    1536:hwdAbnmVhphWZp+iUO++AXljiBimx6gNwJjZf3xUZv:hwdVhpYmG+Tismx6gsluZv

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15
