General

  • Target

    7a9305708f1ecc3b658c1fe02447b24043eefa0722a4707a5868be566793dded

  • Size

    510KB

  • Sample

    220919-jsmsrsbbgj

  • MD5

    a4f3d5892c70b11b24d0ca5d2e9e2abd

  • SHA1

    c691d7c4643fd5f85e24568f55a4e3433f5347a8

  • SHA256

    7a9305708f1ecc3b658c1fe02447b24043eefa0722a4707a5868be566793dded

  • SHA512

    3bfc309d2a44c748a9ff5f321d0bd5ff9c00d4db3abe6f865331c3b51216d7edb072095b630787fa47bc7460208d4f55593d3906a94a1f9bbfaa49ce830eb183

  • SSDEEP

    12288:wQDUG2nsZ3yKVy8hPoHb2KpW7ca/q/xKF9IuV0jVjC:wQDWnLKVymw3xxeFORC

Score
10/10

Malware Config

Targets

    • Target

      SnowFairy.exe

    • Size

      593KB

    • MD5

      651c7c49229bbc97eb1dd9f48a27cda3

    • SHA1

      bd8099af11fc1541be14207b1639d90be5c65b48

    • SHA256

      ca4f28bc4a5e54afb96d2b5191afc15fb8f4ba25b9b8e85fbfe52d251de2854e

    • SHA512

      96699af311fd025596e7bf97a57f63dcfa9e3ccdc53e7598e7a59496e14f6bf2df1dbbdc6c3f0b3632c6edfe5f5d0cefb423ab4a4668867596c5567055664bdc

    • SSDEEP

      12288:36pTX5CA23yiby85poHb2KNW7cC/6/fKF9AuV0jDf:qhpC4iby0CfRfeRO3

    Score
    10/10

    • Modifies firewall policy service

    • Blocklisted process makes network request

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks