Overview

overview

7

Static

static

order list.exe

windows7_x64

7

order list.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    order list.exe

  • Size

    296KB

  • Sample

    200713-rvhtp4edqs

  • MD5

    76bb6a33ec5f8f6bd9defe4341871e98

  • SHA1

    0ec9277d8c2e410440485c7cd2202ef877d49230

  • SHA256

    7910fbd27cb1e4fd04a3356d45036821ed924ef1b8de3117d677be4938cb5140

  • SHA512

    806dade1f74874d3c6cb3acdabee50ebc3a6cd4927d57e83e7136b448fe0a207a3a0e440be3668b2116e2043452cf1f0327aedc1e7542a7e8684b53eda7d10d9

Score
7/10
evasiontrojan

Malware Config

Targets

    • Target

      order list.exe

    • Size

      296KB

    • MD5

      76bb6a33ec5f8f6bd9defe4341871e98

    • SHA1

      0ec9277d8c2e410440485c7cd2202ef877d49230

    • SHA256

      7910fbd27cb1e4fd04a3356d45036821ed924ef1b8de3117d677be4938cb5140

    • SHA512

      806dade1f74874d3c6cb3acdabee50ebc3a6cd4927d57e83e7136b448fe0a207a3a0e440be3668b2116e2043452cf1f0327aedc1e7542a7e8684b53eda7d10d9

    Score
    7/10
    evasiontrojan

    • Uses the VBS compiler for execution

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks