General

  • Target

    1df444a14ce91b266c369c704fe87dac2075bf08f11c041060a889a4624dea00N

  • Size

    484KB

  • Sample

    241004-hgescazclj

  • MD5

    c7267f5022a2286c1b1a0d0d22f61e50

  • SHA1

    66edfad37ee53881ba1d2938f526041068ab19ee

  • SHA256

    1df444a14ce91b266c369c704fe87dac2075bf08f11c041060a889a4624dea00

  • SHA512

    930fa8ae8a9e68aab13d30ab3a6f89028a4660f16ac444cc808480fae10622382ecc35169255300cb9a200230c494f57c9a0b3ff5380e99733e0ee21298a6539

  • SSDEEP

    6144:+BapC9DUIYmO5Kv5Q7X/l/rYvkW1VxxfnzrV9UAH0ctkPfc92F8+1LpIh9jhl:RpQD+mO5KWy/zrVbt4fcY719U9jv
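Before acting on a report like this, confirm that the file you hold is the one the sandbox analysed. The following helper is an added example (not part of the sandbox report or its tooling): it recomputes the four digests the report lists, using the values above, and returns every algorithm that disagrees. The SSDEEP fuzzy hash is not recomputed here because it needs a third-party library; the report's value is kept only for reference.

```python
import hashlib

# Digests copied verbatim from the report above. SSDEEP is listed for reference only;
# recomputing it needs a third-party library (e.g. ppdeep), so it is not verified here.
REPORT_HASHES = {
    "md5": "c7267f5022a2286c1b1a0d0d22f61e50",
    "sha1": "66edfad37ee53881ba1d2938f526041068ab19ee",
    "sha256": "1df444a14ce91b266c369c704fe87dac2075bf08f11c041060a889a4624dea00",
    "sha512": "930fa8ae8a9e68aab13d30ab3a6f89028a4660f16ac444cc808480fae10622382ecc35169255300cb9a200230c494f57c9a0b3ff5380e99733e0ee21298a6539",
}
REPORT_SSDEEP = "6144:+BapC9DUIYmO5Kv5Q7X/l/rYvkW1VxxfnzrV9UAH0ctkPfc92F8+1LpIh9jhl:RpQD+mO5KWy/zrVbt4fcY719U9jv"

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return lowercase hex digests of an in-memory blob for the algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file on disk in chunks so large samples do not need to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_with_report(computed: dict, report: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: (expected, actual)} for every digest that disagrees with the report.

    An empty dict means the sample matches on every listed algorithm. A partial mismatch
    (say, only MD5 differs) would point at a copy-paste error in the report rather than at
    a different file, since the digests are computed over the same bytes.
    """
    mismatches = {}
    for algo, expected in report.items():
        actual = (computed.get(algo) or "").lower()
        if actual != expected.lower():
            mismatches[algo] = (expected, actual or None)
    return mismatches


if __name__ == "__main__":
    import sys

    # Usage: python verify_sample.py <path-to-sample>
    result = compare_with_report(hash_file(sys.argv[1]))
    print("match" if not result else f"MISMATCH: {result}")
```

Run it against the sample file; any non-empty result means you are not looking at the file this report describes, and the behaviours listed below should not be attributed to it.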

Malware Config

Targets

    • Target

      1df444a14ce91b266c369c704fe87dac2075bf08f11c041060a889a4624dea00N

    • Size

      484KB

    • MD5

      c7267f5022a2286c1b1a0d0d22f61e50

    • SHA1

      66edfad37ee53881ba1d2938f526041068ab19ee

    • SHA256

      1df444a14ce91b266c369c704fe87dac2075bf08f11c041060a889a4624dea00

    • SHA512

      930fa8ae8a9e68aab13d30ab3a6f89028a4660f16ac444cc808480fae10622382ecc35169255300cb9a200230c494f57c9a0b3ff5380e99733e0ee21298a6539

    • SSDEEP

      6144:+BapC9DUIYmO5Kv5Q7X/l/rYvkW1VxxfnzrV9UAH0ctkPfc92F8+1LpIh9jhl:RpQD+mO5KWy/zrVbt4fcY719U9jv

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain locales).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
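The two persistence and spreading signatures above, "Adds Run key to start application" and "Drops autorun.inf file", are the ones a responder usually wants to confirm on a host. The following is an added triage example, not code from the sandbox or from this sample: it parses an autorun.inf the way the Windows shell reads it (INI sections, comments, last duplicate key wins) and reports the directives that cause execution, and it applies a simple heuristic to Run-key values. Both the autorun.inf text and the Run values are constructed for illustration; the paths in them are not recovered from this sample.

```python
import re
from pathlib import PureWindowsPath

# Constructed autorun.inf in the style dropped on removable volumes (illustrative only,
# NOT recovered from this sample).
SAMPLE_AUTORUN_INF = """[autorun]
; innocuous icon so the volume looks like a normal USB stick
icon=%SystemRoot%\\system32\\shell32.dll,4
open=RECYCLER\\S-1-5-21-1482476501\\update.exe
shellexecute=RECYCLER\\S-1-5-21-1482476501\\update.exe
shell\\open\\command=RECYCLER\\S-1-5-21-1482476501\\update.exe
shell\\explore\\command=RECYCLER\\S-1-5-21-1482476501\\update.exe
label=USB DISK
"""

# Constructed HKCU\...\CurrentVersion\Run values (name -> command), illustrative only.
SAMPLE_RUN_VALUES = {
    "SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
    "OneDrive": r'"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "svchost": r"C:\Users\user\AppData\Roaming\svchost.exe",
    "Updater": r"C:\Users\user\AppData\Local\Temp\update.exe -silent",
}

# autorun.inf keys that launch something: open=, shellexecute=, and any shell\<verb>\command=.
EXEC_KEYS = ("open", "shellexecute")
EXEC_SUFFIX = "\\command"

# Directories a standard user can write to; a Run entry pointing here deserves a look.
USER_WRITABLE = re.compile(r"\\(AppData\\(Local\\Temp|Roaming)|Users\\Public|ProgramData)\\", re.I)
# Names malware borrows from Windows to blend into process lists.
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "explorer.exe", "services.exe"}


def parse_autorun_inf(text: str) -> dict:
    """Parse INI-style autorun.inf into {section: {key: value}}.

    Section and key names are lowercased; ';' comments and blank lines are skipped and a
    repeated key keeps its last value, matching how the shell's INI reader behaves.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def autorun_exec_targets(text: str) -> list:
    """Return (key, target) pairs from [autorun] that execute code or rewire the volume's verbs."""
    autorun = parse_autorun_inf(text).get("autorun", {})
    return [(k, v) for k, v in autorun.items() if k in EXEC_KEYS or k.endswith(EXEC_SUFFIX)]


def image_path(command: str) -> str:
    """Extract the executable path from a Run value: a quoted path, else everything up to '.exe'."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    match = re.match(r"(.*?\.exe)", command, re.I)
    return match.group(1) if match else command


def suspicious_run_values(values: dict) -> list:
    """Heuristic screen of Run entries; returns (name, image, reasons). Not a verdict."""
    findings = []
    for name, command in values.items():
        image = image_path(command)
        reasons = []
        if USER_WRITABLE.search(image):
            reasons.append("image in user-writable directory")
        exe = PureWindowsPath(image).name.lower()
        if exe in SYSTEM_NAMES and not image.lower().startswith(r"c:\windows\system32"):
            reasons.append("system binary name outside System32")
        if reasons:
            findings.append((name, image, reasons))
    return findings


if __name__ == "__main__":
    for key, target in autorun_exec_targets(SAMPLE_AUTORUN_INF):
        print(f"autorun.inf {key} -> {target}")
    for name, image, reasons in suspicious_run_values(SAMPLE_RUN_VALUES):
        print(f"Run\\{name}: {image} ({'; '.join(reasons)})")
```

On a live host, feed `suspicious_run_values` the output of `reg query` (or `winreg` on Windows) for both the HKCU and HKLM Run keys, and check every removable volume's root for an autorun.inf; the shell\...\command verbs matter because they hijack the right-click "Open" and "Explore" actions even where AutoPlay itself is disabled.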

MITRE ATT&CK Enterprise v15

Tasks