General

  • Target

    bc45ebc527331fef076e05cb0f7f0d6cd40d3c2369453d90566b8466f8f1b6f9.exe

  • Size

    11.9MB

  • Sample

    241120-dtln7szgqk

  • MD5

    4027080d8b6529444fde4b40590a16da

  • SHA1

    cd4deabb4dd53286a8f6a668701cef3ac509e4fc

  • SHA256

    bc45ebc527331fef076e05cb0f7f0d6cd40d3c2369453d90566b8466f8f1b6f9

  • SHA512

    469ba3751e947a881a78911ff76ee2c58ab46cbeb5ccffdfdd115f5c21d3e6601699b86e1ca5243fb15730dc1d45d25c5d24a175e0269fd95712087bac47be06

  • SSDEEP

    196608:DDo0XzQcFz7P/qAhJW7EdqVbkr/87dnoJ1BvcYQh47R2EovZDS5ODqLxj:3o0X8QKAh07EkOr87dnobtShPfZMODqZ

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks