9bdcc933d0c04da1fa41ba915c460d9fa573e4bc5814b8f3040eb8f3d29ef149 | Triage

Submit
Reports

Overview

overview

Static

static

9bdcc933d0...4b.exe

windows7_x64

9bdcc933d0...4b.exe

windows10-2004_x64

7

Sharing

General

Target

9bdcc933d0c04da1fa41ba915c460d9fa573e4bc5814b.exe
Size

1.3MB
Sample

220114-wvcrssaadp
MD5

a4d367f98a1fa3e594af0875379bda39
SHA1

a82d6bafcc260138eb11b4a511ff6f3e80441ce3
SHA256

9bdcc933d0c04da1fa41ba915c460d9fa573e4bc5814b8f3040eb8f3d29ef149
SHA512

94deb8455db4863909dfccb33f7ceb128ff6a041c6e36d04d679df74fa0506443466ada3f3c13352d665e54d0440b2f086a8a599e7db914bc5e54df08f6ba547

Score

10^/10

persistence suricata

Static task

static1

Behavioral task

behavioral1

Sample

9bdcc933d0c04da1fa41ba915c460d9fa573e4bc5814b.exe

Resource

win7-en-20211208

persistence suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9bdcc933d0c04da1fa41ba915c460d9fa573e4bc5814b.exe

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  9bdcc933d0c04da1fa41ba915c460d9fa573e4bc5814b.exe
- Size
  
  1.3MB
- MD5
  
  a4d367f98a1fa3e594af0875379bda39
- SHA1
  
  a82d6bafcc260138eb11b4a511ff6f3e80441ce3
- SHA256
  
  9bdcc933d0c04da1fa41ba915c460d9fa573e4bc5814b8f3040eb8f3d29ef149
- SHA512
  
  94deb8455db4863909dfccb33f7ceb128ff6a041c6e36d04d679df74fa0506443466ada3f3c13352d665e54d0440b2f086a8a599e7db914bc5e54df08f6ba547
Score

10^/10

persistence suricata
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- suricata: ET MALWARE DCRAT Activity (GET)
  suricata: ET MALWARE DCRAT Activity (GET)
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencesuricata

behavioral2

© 2018-2024

Terms | Privacy