General

  • Target: F0RMULAR10_5403797_IWP6.zip.zip
  • Size: 3.6MB
  • Sample: 201121-ktz427mndj
  • MD5: b82073bb61200cb0dc358d664abf89bd
  • SHA1: ef31407463199705a282c11b579efc1bcb4c7ae0
  • SHA256: ffe38b484df3b5fc6fe199474e9426773d2d424637e3714f2c6f64518e6aa4db
  • SHA512: 0f229378d2cb850f9f786809a946e7880c1ecef00fc6d28ccdedffb829ac599a4dea03b84ef85966a18245f213cb96457cc9d17f8ace4483af264c19e08724da

Score
9/10

Malware Config

Targets

    • Target: 534867_DOCTOURElC.msi
    • Size: 9.8MB
    • MD5: bf69b794fe2b921f1cbafd3ec1e6c733
    • SHA1: 22464766695801e76be5b86978a57c3d7bc3c9be
    • SHA256: dacf7e5ad5c8d564f185a961faa76018f2ba3c43dfcda03b33546bbbeb78d9fc
    • SHA512: b33a8d903fe6e474424b3c0a1212b10df35cfb4784c9289f29b4f408b530c936c8c7a14b8dc213fd983668e368997fd932131b07334c41bd2d3129cefc383b46

    Score
    9/10
    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Blacklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (1 hit): T1012
  • Peripheral Device Discovery (1 hit): T1120
  • System Information Discovery (1 hit): T1082

Tasks