General

  • Target

    4548232738013184.zip

  • Size

    798KB

  • Sample

    210113-y6hq9gzvka

  • MD5

    fe925425eb496f4611f2a2ca0b87d223

  • SHA1

    a34eb7ac61cd82290dba8d5a00c049a3fd51309f

  • SHA256

    2eaddbbaef4bac1f9f6277dc93c428cdd13024139d158fa7f83fa371721aa62c

  • SHA512

    730bd2c1480897d63065d2228464faa902e8b8eb27405f9c2cb9c9afd5a6e2201956eabc7eaa3e2ac72f150ea73ea58566bd6a9f8b9eb3fac12e4347adcf1358

Score
10/10

Malware Config

Targets

    • Target

      b170368730c5c5cff393d9d171ca74c928e36f9fa4f2a2b795b463bb8caa1e25

    • Size

      966KB

    • MD5

      219a80b59c3cab8bac5d5c20634fb530

    • SHA1

      b681a334906fa48f7c881b4a645888a7fe4b05f2

    • SHA256

      b170368730c5c5cff393d9d171ca74c928e36f9fa4f2a2b795b463bb8caa1e25

    • SHA512

      71cb11b1af6f7ba69b623979eb42b7621b3dc3979b346bec70a57491391eaf6ddf6062b72a6163ad3d3708de2a826965e3d5efb2988e4b4bfd17c184c6341bb9

    Score
    10/10
    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first sight, etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic                 Technique         Count   ID
    Execution              Scheduled Task    1       T1053
    Persistence            Scheduled Task    1       T1053
    Privilege Escalation   Scheduled Task    1       T1053

Tasks