Overview

overview

9

Static

static

9

6a3542c269...12.exe

windows7_x64

1

6a3542c269...12.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6a3542c26946baa66058b7d65dfe1712

  • Size

    1.9MB

  • Sample

    220603-aqf3rsgcbj

  • MD5

    6a3542c26946baa66058b7d65dfe1712

  • SHA1

    975b229b48a3405706d894781f01c5c818f12cae

  • SHA256

    89c0205613a95fe8d158fc5736248fc15b0e221a8bd5247c727f96863ad0276c

  • SHA512

    81a10f665996316b687f608bd0a25904597a8c6fa09c1ed7610f7e5d3922c2273a8fed75e23c0af524815dfc110f633926220123b265e99cd90a0b540ace0026

Score
9/10
cryptoneevasionpacker

Malware Config

Targets

    • Target

      6a3542c26946baa66058b7d65dfe1712

    • Size

      1.9MB

    • MD5

      6a3542c26946baa66058b7d65dfe1712

    • SHA1

      975b229b48a3405706d894781f01c5c818f12cae

    • SHA256

      89c0205613a95fe8d158fc5736248fc15b0e221a8bd5247c727f96863ad0276c

    • SHA512

      81a10f665996316b687f608bd0a25904597a8c6fa09c1ed7610f7e5d3922c2273a8fed75e23c0af524815dfc110f633926220123b265e99cd90a0b540ace0026

    Score
    8/10
    evasion

    • Modifies Windows Firewall

      evasion

    • Stops running service(s)

      evasion

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

2
T1031

Privilege Escalation

Defense Evasion

Impair Defenses

1
T1562

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

1
T1489

Tasks