Overview

overview

10

Static

static

448838b2a6...in.exe

windows7_x64

10

448838b2a6...in.exe

windows10_x64

10

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    01-10-2020 23:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    448838b2a60484ee78c2198f2c0c9c85.bin.exe

  • Size

    115KB

  • MD5

    448838b2a60484ee78c2198f2c0c9c85

  • SHA1

    f2c43a01cabaa694228f5354ea8c6bcf3b7a49b3

  • SHA256

    64d78eec46c9ddd4b9a366de62ba0f2813267dc4393bc79e4c9a51a9bb7e6273

  • SHA512

    9e532af06e5f4764529211e8c5c749baa7b01c72f11b603218c3c08d70cf1e732f8d9d81ec257ca247aaa96d1502150a2f402b1b3914780b6344222b007dd53f

Score
10/10
trojanslothfulmedia

Malware Config

Signatures

  • SlothfulMedia

    SlothfulMedia is a malware used by sophisticated threat actors that drops a remote access tool.

    trojanslothfulmedia
  • SlothfulMedia Main Payload 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\448838b2a60484ee78c2198f2c0c9c85.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\448838b2a60484ee78c2198f2c0c9c85.bin.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3692
    • C:\Users\Admin\AppData\Roaming\Media\mediaplayer.exe
      "C:\Users\Admin\AppData\Roaming\Media\mediaplayer.exe"
      2⤵
      • Executes dropped EXE
      PID:1080
    • C:\Users\Admin\AppData\Local\Temp\WsxZT.exe
      "C:\Users\Admin\AppData\Local\Temp\WsxZT.exe"
      2⤵
      • Executes dropped EXE
      • Deletes itself
      PID:3536

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads