General

  • Target

    00f556f93fabf6766d5f859556a008eab39a176ba3c979cb143ad118506c33f8

  • Size

    361KB

  • Sample

    220524-dxfblahchj

  • MD5

    7bd0e512edd2194c38864df24bbaa71d

  • SHA1

    bc811c561cbde749b28f9f3b58f57b1ccc699f1a

  • SHA256

    00f556f93fabf6766d5f859556a008eab39a176ba3c979cb143ad118506c33f8

  • SHA512

    6f0ea99edf859f8a9fb58fd7cd23efcb7aa284323acb40f426c9eaa780f258c157f61b275ce4d24d359aa42b4c6bfcdb05d04d63acacf0631f8eeee0c837fb81

Score
10/10

Malware Config

Targets

    • suricata: ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)

    • suricata: ET MALWARE Zbot POST Request to C2

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks