Overview

overview

8

Static

static

3

Device/Har...es.exe

windows7_x64

8

Device/Har...es.exe

windows10_x64

8

Resubmissions

12-08-2021 22:58

210812-qkl5kmzwta 8

12-08-2021 22:51

210812-dygzc47h5a 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    images.exe_20210812-184035.zip

  • Size

    5.4MB

  • Sample

    210812-qkl5kmzwta

  • MD5

    03117b0ea9fa093ae59ac2cdb43e638b

  • SHA1

    7d7452fa47dae5c80e5a113c685fe35b03693477

  • SHA256

    25a4af78f1e5be92c17bc994cf5b56be3dcd7c2bd981861c898fbbbf5d5abfb2

  • SHA512

    02175941f1cdac07224c26d6dcba94ab54f576bbe4053e8b472aca5446a25bee683febcb45ca446e88ad00e99452eca4f3dbaf85acf59b2138ed49874750b78a

Score
8/10
persistencepyinstaller

Malware Config

Targets

    • Target

      Device/HarddiskVolume9/images.exe

    • Size

      5.5MB

    • MD5

      ee95094579fb30952cfa713c4e073941

    • SHA1

      995db08b14534b5a7df46b65ff76791e45c9ab12

    • SHA256

      54b899b5fa8989f021a606f7c7428b34e137f0aa204f3076398d5e61a7567b4c

    • SHA512

      8a50b66b647f9a5b92a060fc00aa94688c9a8e510e56d308facd4ce6eec538fd5b921d155f41756b1d22adb948cdbb9db4acad0ea9a736b71fb210af5e1777a0

    Score
    8/10
    persistencepyinstaller

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks