General

  • Target

    26cc8372a4e8eeb5f03f03d1b86b8e308c6f45552cbd42dc1ecbf8ccc7d1e0db

  • Size

    818KB

  • Sample

    220616-h4nzjagedm

  • MD5

    05e074a8fd3672396b4a9f2a271ba17d

  • SHA1

    82e1890207edee593eeda5133024f88e42a41486

  • SHA256

    26cc8372a4e8eeb5f03f03d1b86b8e308c6f45552cbd42dc1ecbf8ccc7d1e0db

  • SHA512

    fbadd65c6d788bcb40a6316e1762563b7a9c3908b8e1b28efa1fba5274adf60d2858cee4fc34555ae034455a32559162331b059bad49abcdd1341f28b247413f

Score
8/10

Malware Config

Targets

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks