Overview

overview

10

Static

static

kart bilgisi.exe

windows7_x64

10

kart bilgisi.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    kart bilgisi.exe

  • Size

    21KB

  • Sample

    210118-a3sa6bp9s6

  • MD5

    0257e00e166306625f0e143cc40f73de

  • SHA1

    d5117bcbb4759aad0b619c9aab45897148d90316

  • SHA256

    22e473a7adb1bf3da0d6b900d5ec9f1b4a455bde122d31d6509b8d7b5bd9eab1

  • SHA512

    0bd64f2ac63e5f2283e40a2c6b0b83f9b1e3300be6bda0a3904491e50d1f6c7b3ae9d9cdacaa0b82de29c14eaf396cd8060f1bb86520963105c6bd674c730654

Score
10/10
persistence

Malware Config

Targets

    • Target

      kart bilgisi.exe

    • Size

      21KB

    • MD5

      0257e00e166306625f0e143cc40f73de

    • SHA1

      d5117bcbb4759aad0b619c9aab45897148d90316

    • SHA256

      22e473a7adb1bf3da0d6b900d5ec9f1b4a455bde122d31d6509b8d7b5bd9eab1

    • SHA512

      0bd64f2ac63e5f2283e40a2c6b0b83f9b1e3300be6bda0a3904491e50d1f6c7b3ae9d9cdacaa0b82de29c14eaf396cd8060f1bb86520963105c6bd674c730654

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks