Overview

overview

9

Static

static

9e1f84cf30...15.exe

windows7_x64

8

9e1f84cf30...15.exe

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9e1f84cf304b5797d62d52f8dcc7c415

  • Size

    11.4MB

  • Sample

    201117-3l9baxs8wj

  • MD5

    80110d66d054e0874e345ab990460189

  • SHA1

    04d91a89a9c8fea438d46e25a38d3a54664d718a

  • SHA256

    263d6b2245bb27595fc36a4f9d06817219bcc59c782fb9f551de7fbb0ac013d8

  • SHA512

    c384f9202446dd4e7d77aa3b96e6c26dd7104436f75c9e745733a048e57495dc53dd077fd54a3f8594470ee4fd61df2235d7fe15c302cec4d282c744ed26b951

Score
9/10
discovery

Malware Config

Targets

    • Target

      9e1f84cf304b5797d62d52f8dcc7c415

    • Size

      11.4MB

    • MD5

      80110d66d054e0874e345ab990460189

    • SHA1

      04d91a89a9c8fea438d46e25a38d3a54664d718a

    • SHA256

      263d6b2245bb27595fc36a4f9d06817219bcc59c782fb9f551de7fbb0ac013d8

    • SHA512

      c384f9202446dd4e7d77aa3b96e6c26dd7104436f75c9e745733a048e57495dc53dd077fd54a3f8594470ee4fd61df2235d7fe15c302cec4d282c744ed26b951

    Score
    9/10
    discovery

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks