Overview

overview

10

Static

static

6

_56991.exe

windows7_x64

1

_56991.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    _56991.exe

  • Size

    2.1MB

  • Sample

    210115-j86x7mx4se

  • MD5

    a3e6eae5fbdc1875e49c6c84d941812f

  • SHA1

    fc8d23c11118fae5d7f7a0e2d18952135354c2c9

  • SHA256

    66f44a00d10affc3c6c2f08cac7a4381bae1d146a78dba33de205eb88654843d

  • SHA512

    b5f9012d4049cb34789024f2cd84fd25546f086fc1449d3ab5aa761b5293019dd61dce2fcf52b569e72222346277bfdd1a56701e243afde05c737c36d7a5d443

Score
10/10
discoverypersistence

Malware Config

Targets

    • Target

      _56991.exe

    • Size

      2.1MB

    • MD5

      a3e6eae5fbdc1875e49c6c84d941812f

    • SHA1

      fc8d23c11118fae5d7f7a0e2d18952135354c2c9

    • SHA256

      66f44a00d10affc3c6c2f08cac7a4381bae1d146a78dba33de205eb88654843d

    • SHA512

      b5f9012d4049cb34789024f2cd84fd25546f086fc1449d3ab5aa761b5293019dd61dce2fcf52b569e72222346277bfdd1a56701e243afde05c737c36d7a5d443

    Score
    10/10
    discoverypersistence

    • Registers COM server for autorun

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • JavaScript code in executable

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks