Overview

overview

10

Static

static

ca394b6c6c...f5.exe

windows7_x64

10

ca394b6c6c...f5.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ca394b6c6ccc2cc51985bafd4649ec6447aa75b2a842ed71a8b9917d5cc943f5

  • Size

    4.6MB

  • Sample

    210513-8ltqhrlecj

  • MD5

    bc35686e5a3fa023fce77235322f5959

  • SHA1

    31601fd24ddc04f04c0a6715863f3142b53cffe8

  • SHA256

    ca394b6c6ccc2cc51985bafd4649ec6447aa75b2a842ed71a8b9917d5cc943f5

  • SHA512

    47bafb1f89e3401c42d5d670059e66ef46e6805bd32162edf335299f1741b8caa165bd2dba6a777c9b4d26d0560c71a1cab47031b482e2cd7c8e2ce2e197e2b3

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      ca394b6c6ccc2cc51985bafd4649ec6447aa75b2a842ed71a8b9917d5cc943f5

    • Size

      4.6MB

    • MD5

      bc35686e5a3fa023fce77235322f5959

    • SHA1

      31601fd24ddc04f04c0a6715863f3142b53cffe8

    • SHA256

      ca394b6c6ccc2cc51985bafd4649ec6447aa75b2a842ed71a8b9917d5cc943f5

    • SHA512

      47bafb1f89e3401c42d5d670059e66ef46e6805bd32162edf335299f1741b8caa165bd2dba6a777c9b4d26d0560c71a1cab47031b482e2cd7c8e2ce2e197e2b3

    Score
    10/10
    evasionpersistence

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

2
T1158

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Hidden Files and Directories

2
T1158

Modify Registry

5
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks