Overview

overview

9

Static

static

95184d6acb...6f.exe

windows7_x64

8

95184d6acb...6f.exe

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    95184d6acbcd3d1f526271d43c7d6e6f

  • Size

    13.6MB

  • Sample

    201117-91pv4e5e82

  • MD5

    b61e4049ce52400869cc6afe222ca329

  • SHA1

    95a0715fb486cd9eee7f7df811e93a838539335e

  • SHA256

    f7c20cd92f517c238ec163ec7460b0fa677f656a5e4cb9875c7cfdc38ece9ae6

  • SHA512

    9d43a10fda7ad7ac24c8895788d97687219e0112a1c5f9464dbe1aba13da0ca1030381f11da4342b6f6bf0231b7f287bf56fcadb6fd8481f791dbe1b2a7c55d1

Score
9/10
discovery

Malware Config

Targets

    • Target

      95184d6acbcd3d1f526271d43c7d6e6f

    • Size

      13.6MB

    • MD5

      b61e4049ce52400869cc6afe222ca329

    • SHA1

      95a0715fb486cd9eee7f7df811e93a838539335e

    • SHA256

      f7c20cd92f517c238ec163ec7460b0fa677f656a5e4cb9875c7cfdc38ece9ae6

    • SHA512

      9d43a10fda7ad7ac24c8895788d97687219e0112a1c5f9464dbe1aba13da0ca1030381f11da4342b6f6bf0231b7f287bf56fcadb6fd8481f791dbe1b2a7c55d1

    Score
    9/10
    discovery

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks