General

  • Target

    6ef4342c42b024a67d918ae5b0b2691da4f0a8350e30474b3377cf02355ed16b

  • Size

    148KB

  • Sample

    221002-2kt6zsdfg5

  • MD5

    3ea591b889fcd02767178b069aca0d40

  • SHA1

    89e6a5926e59687b24b03e6a6930581f64d89d29

  • SHA256

    6ef4342c42b024a67d918ae5b0b2691da4f0a8350e30474b3377cf02355ed16b

  • SHA512

    616ee92e704745d1b1c9a4a6bed1c92a920e731a988534fa6fd50f135a8384627dd0e37cebea7aadc02d3b639de389e441df6d048f4df9b12a0815a0b736d12b

  • SSDEEP

    3072:vUbppSu/cFbX6+CbJ/KJ6LCJtYCkiTy3NEc3cKw6ttURx:vU10vVx6OpkkyKkPw6Av

Score
10/10

Malware Config

Targets

    • Target

      6ef4342c42b024a67d918ae5b0b2691da4f0a8350e30474b3377cf02355ed16b

    • Size

      148KB

    • MD5

      3ea591b889fcd02767178b069aca0d40

    • SHA1

      89e6a5926e59687b24b03e6a6930581f64d89d29

    • SHA256

      6ef4342c42b024a67d918ae5b0b2691da4f0a8350e30474b3377cf02355ed16b

    • SHA512

      616ee92e704745d1b1c9a4a6bed1c92a920e731a988534fa6fd50f135a8384627dd0e37cebea7aadc02d3b639de389e441df6d048f4df9b12a0815a0b736d12b

    • SSDEEP

      3072:vUbppSu/cFbX6+CbJ/KJ6LCJtYCkiTy3NEc3cKw6ttURx:vU10vVx6OpkkyKkPw6Av

    Score
    10/10
    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Initial Access

    Replication Through Removable Media (T1091): 1

  • Persistence

    Hidden Files and Directories (T1158): 1

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Hidden Files and Directories (T1158): 1

    Modify Registry (T1112): 2

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 3

    Peripheral Device Discovery (T1120): 1

  • Lateral Movement

    Replication Through Removable Media (T1091): 1
