General

  • Target

    87a8cb7fa0227c2a7d855f2f0c4052ec7c2fd2af44a602d606f24975ae38abefN

  • Size

    361KB

  • Sample

    241023-t5kt2sscpm

  • MD5

    1aa1e0627f575e247359fd27df219790

  • SHA1

    162c41760185be9f0ba0472e26fe2e4057dcd86e

  • SHA256

    87a8cb7fa0227c2a7d855f2f0c4052ec7c2fd2af44a602d606f24975ae38abef

  • SHA512

    76774841831d15412b3ce2619840a5118dc3d4b159992377d167d79f6a7580c28f1a54ddc627652a3b0a826ba821fd06c053e190ec41ffbb18edd39beeee4349

  • SSDEEP

    6144:YeC4EwZFoobUk8qp0qpgogZfpjkNYZkTx:8fhuLwflkckTx

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Stops running service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks