Overview

overview

8

Static

static

ff79682bb3...5c.exe

windows7_x64

8

ff79682bb3...5c.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ff79682bb303ab3bdb0ea4dd42c27a987db53d1f6764fa7745cb4c34db8e4e5c

  • Size

    40KB

  • Sample

    210727-g296wf1ndj

  • MD5

    c58ecc617fb2cbf40f4703cfd4b70104

  • SHA1

    4d7e1750af1060a9a6a5f7aa7fcc986d0a3549e6

  • SHA256

    ff79682bb303ab3bdb0ea4dd42c27a987db53d1f6764fa7745cb4c34db8e4e5c

  • SHA512

    ba85396ef07f695a1361eedfc3d179689187d6799109aefe727deac88bf2eac35d0cbac11ecf7e279964022b71938af39449e6cd21e65bc488c35335326c3f8b

Score
8/10
evasionpersistence

Malware Config

Targets

    • Target

      ff79682bb303ab3bdb0ea4dd42c27a987db53d1f6764fa7745cb4c34db8e4e5c

    • Size

      40KB

    • MD5

      c58ecc617fb2cbf40f4703cfd4b70104

    • SHA1

      4d7e1750af1060a9a6a5f7aa7fcc986d0a3549e6

    • SHA256

      ff79682bb303ab3bdb0ea4dd42c27a987db53d1f6764fa7745cb4c34db8e4e5c

    • SHA512

      ba85396ef07f695a1361eedfc3d179689187d6799109aefe727deac88bf2eac35d0cbac11ecf7e279964022b71938af39449e6cd21e65bc488c35335326c3f8b

    Score
    8/10
    evasionpersistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Tasks