General

  • Target

    acfe5824e57eb300d1328c68e7ba188dba19666ec1e6bfa77fff6ce2420ce99a

  • Size

    284KB

  • Sample

    201109-l51w3k7glx

  • MD5

    40c157e8302e1cf6af387b5f88a89ea3

  • SHA1

    22bf5f8acc26244c374835b8bb53d9de4becebbd

  • SHA256

    acfe5824e57eb300d1328c68e7ba188dba19666ec1e6bfa77fff6ce2420ce99a

  • SHA512

    490e3449868c2db741360b036b0ee8621668c5fae75b972ae411713ec612fc1ceaf83a8526924ab5715a525e9d5ff5a180e290ceb383eadf7466441a2bc97abf

Malware Config

Targets

    • Target

      acfe5824e57eb300d1328c68e7ba188dba19666ec1e6bfa77fff6ce2420ce99a

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
