Overview

overview

10

Static

static

56142f28d4...6b.exe

windows7-x64

10

56142f28d4...6b.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    56142f28d4f2b73dbe87b438c3ced7453cf1044297077e16781ad1730aed866b

  • Size

    253KB

  • Sample

    220725-gmr47ahfel

  • MD5

    7df89bf9acbc92993a3e1ce56ac06621

  • SHA1

    827edec82135e2dd7c80c90fa7ab8b03905bc6a5

  • SHA256

    56142f28d4f2b73dbe87b438c3ced7453cf1044297077e16781ad1730aed866b

  • SHA512

    ed63345e2f380dc5e75343312cc44ee9f845539d46d6ca89a3a4d5a9ef04f6e40f63894370bcbaf34684a970bb6ee490f5c885b0dc6090ea45d4790a4ced1ce5

Score
10/10
discoverysuricata

Malware Config

Targets

    • Target

      56142f28d4f2b73dbe87b438c3ced7453cf1044297077e16781ad1730aed866b

    • Size

      253KB

    • MD5

      7df89bf9acbc92993a3e1ce56ac06621

    • SHA1

      827edec82135e2dd7c80c90fa7ab8b03905bc6a5

    • SHA256

      56142f28d4f2b73dbe87b438c3ced7453cf1044297077e16781ad1730aed866b

    • SHA512

      ed63345e2f380dc5e75343312cc44ee9f845539d46d6ca89a3a4d5a9ef04f6e40f63894370bcbaf34684a970bb6ee490f5c885b0dc6090ea45d4790a4ced1ce5

    Score
    10/10
    discoverysuricata

    • suricata: ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole

      suricata: ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole

      suricata

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks