General

  • Target

    24e73eeeaf351ad18d9eb19fd6f2262a5e6008385c2ea1a31c2a4b2c8e5e0f2e

  • Size

    132KB

  • Sample

    221002-2kwd2sdfg7

  • MD5

    0732bd2d1efb34f52839beba6fd46a30

  • SHA1

    84dce567a0a27d1f834d6d94f1372c0f8abbf730

  • SHA256

    24e73eeeaf351ad18d9eb19fd6f2262a5e6008385c2ea1a31c2a4b2c8e5e0f2e

  • SHA512

    afa11ce00e01ef66e89acff982dc8ec61e072356bc7bf54ff6cea046de828a3eaf78748d69e5cc597e0ab2dcb85dcbff927ef4eaaf10f95f73a8356ef0f8b9ca

  • SSDEEP

    1536:37lrzlufi5SSJlDmq1oC7QScOMsPnsVt9IgadSMdIngc9X50pzhTB3vq24m582JI:qYRW0fG3USUk74hThTNPeB+AJ8k9X

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Initial Access

    Replication Through Removable Media (1): T1091

  • Persistence

    Hidden Files and Directories (1): T1158

    Registry Run Keys / Startup Folder (1): T1060

  • Defense Evasion

    Hidden Files and Directories (1): T1158

    Modify Registry (2): T1112

  • Discovery

    Query Registry (2): T1012

    System Information Discovery (3): T1082

    Peripheral Device Discovery (1): T1120

  • Lateral Movement

    Replication Through Removable Media (1): T1091
