Overview

overview

6

Static

static

Offer.exe

windows7_x64

6

Offer.exe

windows10_x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Offer.exe

  • Size

    1.5MB

  • Sample

    210118-jfd2lwdhk6

  • MD5

    584fec93c4d3af107c1b364f5090de14

  • SHA1

    e8635b77f7a7d2c0b8358d534ac4aaa069d7cef7

  • SHA256

    df75e05fcf2ca53ab96a989a800b33574bff0c9d4e8171e2baaaad9358a914bf

  • SHA512

    b03531d91ecdefbe85ba6abfd48edcbcf9dff4791d4383dd6e0898e992afa7ae95f47af52dfcbcdfdaaf90a597dd08938429f1a483a0f418a764f2d2825240e8

Score
6/10
persistence

Malware Config

Targets

    • Target

      Offer.exe

    • Size

      1.5MB

    • MD5

      584fec93c4d3af107c1b364f5090de14

    • SHA1

      e8635b77f7a7d2c0b8358d534ac4aaa069d7cef7

    • SHA256

      df75e05fcf2ca53ab96a989a800b33574bff0c9d4e8171e2baaaad9358a914bf

    • SHA512

      b03531d91ecdefbe85ba6abfd48edcbcf9dff4791d4383dd6e0898e992afa7ae95f47af52dfcbcdfdaaf90a597dd08938429f1a483a0f418a764f2d2825240e8

    Score
    6/10
    persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks