General

  • Target

    e16af980a80f87d6e36c761e7fb75f8dcd0394beec3926aceb1a5d848db85040

  • Size

    262KB

  • Sample

    221002-at5kjadgd5

  • MD5

    6e2201227878e8c95f41af95e7ec0130

  • SHA1

    b0bd08b15c849d36c59d45a1aadfbc60ed39d54b

  • SHA256

    e16af980a80f87d6e36c761e7fb75f8dcd0394beec3926aceb1a5d848db85040

  • SHA512

    cc9947cac2b669cb5b945b3849205b471726b04626a9c5fa448b6bc6817220a584c6d4dd11a76eca90aa7721bddb8dbeca8387f0864ee8581fa3b09aa19bc694

  • SSDEEP

    6144:5GuUhx/T6VpcVmcOClV7cN1kyymJuc4ECm:5GBTmiIAZa

Score
10/10

Malware Config

Targets

    • Target

      e16af980a80f87d6e36c761e7fb75f8dcd0394beec3926aceb1a5d848db85040

    • Size

      262KB

    • MD5

      6e2201227878e8c95f41af95e7ec0130

    • SHA1

      b0bd08b15c849d36c59d45a1aadfbc60ed39d54b

    • SHA256

      e16af980a80f87d6e36c761e7fb75f8dcd0394beec3926aceb1a5d848db85040

    • SHA512

      cc9947cac2b669cb5b945b3849205b471726b04626a9c5fa448b6bc6817220a584c6d4dd11a76eca90aa7721bddb8dbeca8387f0864ee8581fa3b09aa19bc694

    • SSDEEP

      6144:5GuUhx/T6VpcVmcOClV7cN1kyymJuc4ECm:5GBTmiIAZa

    Score
    10/10

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks