Overview

overview

10

Static

static

fac551f8ff...46.exe

windows7_x64

10

fac551f8ff...46.exe

windows10_x64

10

Resubmissions

13-01-2024 10:35

240113-mmndwshch9 10

09-07-2020 11:15

200709-954vxj2xke 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fac551f8ff156743a7f41bf36684691e87dfb123c027ea0541b962b3162e4c46

  • Size

    1.3MB

  • Sample

    200709-954vxj2xke

  • MD5

    2042fdc08ed48544a98307aec4610251

  • SHA1

    50a6c64a62347c6c87abb65d04803ff23832a7e8

  • SHA256

    fac551f8ff156743a7f41bf36684691e87dfb123c027ea0541b962b3162e4c46

  • SHA512

    b102fc8105b0a7cca5c33711e83af818dd9c37ff377d252edec69cbb05052387013426bbce38650c0360fb8c94f4796a8232b93f4c5d438caf031a50c4cae591

Score
10/10
samoratpersistencetrojan

Malware Config

Targets

    • Target

      fac551f8ff156743a7f41bf36684691e87dfb123c027ea0541b962b3162e4c46

    • Size

      1.3MB

    • MD5

      2042fdc08ed48544a98307aec4610251

    • SHA1

      50a6c64a62347c6c87abb65d04803ff23832a7e8

    • SHA256

      fac551f8ff156743a7f41bf36684691e87dfb123c027ea0541b962b3162e4c46

    • SHA512

      b102fc8105b0a7cca5c33711e83af818dd9c37ff377d252edec69cbb05052387013426bbce38650c0360fb8c94f4796a8232b93f4c5d438caf031a50c4cae591

    Score
    10/10
    trojansamoratpersistence

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • SamoRAT

      SamoRAT is a .NET malware used to receive and execute different commands on the infected system.

      trojansamorat

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks