General

  • Target: Exes_00b3a7bbad18fbc2f4e646cae5568aef.exe
  • Size: 1.0MB
  • Sample: 190809-a81836d1se
  • MD5: 00b3a7bbad18fbc2f4e646cae5568aef
  • SHA1: 39cd3b50d5ec08df05f291e6ec075339020f8fbc
  • SHA256: d1edf69b81bdfe16674f52628b0b802f6e9621317902cd6b539867360302f375
  • SHA512: 14a6d6ddb28a14f7295c254d5dcce99ce09bbfbc215e20775beb57b8ddc91d7616daf90ac80835ba1d0d0cba44426d8a1eb4e0f9e0f9ee4f831cece1f14f11e5

Score
N/A

Malware Config

Targets

    • Target: Exes_00b3a7bbad18fbc2f4e646cae5568aef.exe
    • Size: 1.0MB
    • MD5: 00b3a7bbad18fbc2f4e646cae5568aef
    • SHA1: 39cd3b50d5ec08df05f291e6ec075339020f8fbc
    • SHA256: d1edf69b81bdfe16674f52628b0b802f6e9621317902cd6b539867360302f375
    • SHA512: 14a6d6ddb28a14f7295c254d5dcce99ce09bbfbc215e20775beb57b8ddc91d7616daf90ac80835ba1d0d0cba44426d8a1eb4e0f9e0f9ee4f831cece1f14f11e5

    Score
    N/A

    Signatures
    • Drops startup file
    • Loads dropped DLL
    • Maps connected drives based on registry (likely anti-VM)
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic                | Technique                         | ID    | Hits
    ----------------------|-----------------------------------|-------|-----
    Execution             | Execution through Module Load     | T1129 | 1
    Privilege Escalation  | Process Injection                 | T1055 | 1
    Defense Evasion       | Obfuscated Files or Information   | T1027 | 1
    Defense Evasion       | Process Injection                 | T1055 | 1
    Discovery             | Query Registry                    | T1012 | 1
    Discovery             | Peripheral Device Discovery       | T1120 | 1
    Discovery             | System Information Discovery      | T1082 | 1

Tasks