General

  • Target

    2d4d05b631706435636bcbeab5146fcc390cc5d44f5f57f462684a391feecd72

  • Size

    833KB

  • Sample

    221002-l7x86aafd7

  • MD5

    70a2b52b1f35c6f84a0e740409101970

  • SHA1

    646d939a9c6584fc332e22ea77c46739d6844efd

  • SHA256

    2d4d05b631706435636bcbeab5146fcc390cc5d44f5f57f462684a391feecd72

  • SHA512

    00492365ba34785f1515f95cc855b8e4a3a02ba61e836acff3a5f48ad17f5da21e326bf2c74b4b17100b4fe86ba8b835b5410e23b579b639210bde957d568090

  • SSDEEP

    24576:LRmJkcoQricOIQxiZY1iawduFAGDT0q7qH:IJZoQrbTFZY1iawmDYIm

Score
10/10
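Added example (not part of the sandbox report): before pasting the hashes above into a blocklist, it is worth sanity-checking the IOC set itself. The script below copies the report's values, checks that each digest has the right length and hex form, that the target identifier is the SHA256, and that the ssdeep block size (24576) is plausible for an 833KB file using ssdeep's own block-size rule (the smallest 3*2^n with blocksize*64 >= file size, which ssdeep only ever halves afterwards). It also computes the same four digests for an in-memory file so a retrieved sample can be confirmed against the report. The "833KB" figure is taken as 833*1024 bytes; that rounding is an assumption.

```python
import hashlib
import re

# IOC set copied from the report's General block above.
REPORT = {
    "target": "2d4d05b631706435636bcbeab5146fcc390cc5d44f5f57f462684a391feecd72",
    "size_kb": 833,  # report shows "833KB"; treated here as 833*1024 bytes (assumption)
    "md5": "70a2b52b1f35c6f84a0e740409101970",
    "sha1": "646d939a9c6584fc332e22ea77c46739d6844efd",
    "sha256": "2d4d05b631706435636bcbeab5146fcc390cc5d44f5f57f462684a391feecd72",
    "sha512": "00492365ba34785f1515f95cc855b8e4a3a02ba61e836acff3a5f48ad17f5da21e326bf2c74b4b17100b4fe86ba8b835b5410e23b579b639210bde957d568090",
    "ssdeep": "24576:LRmJkcoQricOIQxiZY1iawduFAGDT0q7qH:IJZoQrbTFZY1iawmDYIm",
}

DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")


def parse_ssdeep(sig):
    """Split 'blocksize:chunk1:chunk2' into (int blocksize, chunk1, chunk2)."""
    parts = sig.split(":")
    if len(parts) != 3:
        raise ValueError("ssdeep signature must have three colon-separated fields")
    return int(parts[0]), parts[1], parts[2]


def initial_blocksize(size_bytes, min_block=3, spamsum_len=64):
    """ssdeep's starting block size: the smallest 3*2^n with blocksize*64 >= file size.
    ssdeep only halves this afterwards (when the first chunk comes out too short), so a
    reported block size larger than this value cannot belong to a file of that size."""
    bs = min_block
    while bs * spamsum_len < size_bytes:
        bs *= 2
    return bs


def validate(report):
    """Return a list of consistency problems; an empty list means the IOC set is coherent."""
    problems = []
    for name, length in DIGEST_HEX_LEN.items():
        value = report[name]
        if len(value) != length or not HEX_RE.match(value):
            problems.append(f"{name}: expected {length} lowercase hex characters")
    if report["target"] != report["sha256"]:
        problems.append("target identifier does not equal SHA256")
    bs, chunk1, chunk2 = parse_ssdeep(report["ssdeep"])
    n = bs // 3
    if bs % 3 or n < 1 or n & (n - 1):
        problems.append(f"ssdeep blocksize {bs} is not of the form 3*2^n")
    limit = initial_blocksize(report["size_kb"] * 1024)
    if bs > limit:
        problems.append(f"ssdeep blocksize {bs} too large for a ~{report['size_kb']}KB file (max {limit})")
    if not (1 <= len(chunk1) <= 64 and 1 <= len(chunk2) <= 32):
        problems.append("ssdeep chunk lengths out of range")
    return problems


def digests(data):
    """Compute the four digests the report lists for an in-memory file."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in DIGEST_HEX_LEN}


def matches_report(data, report):
    """Names of the report's digests that the given bytes reproduce (all four for the real sample)."""
    return [name for name, value in digests(data).items() if value == report[name]]


if __name__ == "__main__":
    print("problems:", validate(REPORT) or "none")
    # Constructed bytes, not the sample: no digest should match.
    print("matches for constructed input:", matches_report(b"constructed bytes", REPORT))
```

For the values on this page validate() returns no problems: 833KB needs a block size of at least 13328 bytes, and 24576 = 3*2^13 is exactly the first power-of-two step above that. A report whose ssdeep block size exceeds that limit, or whose target does not equal its SHA256, has been transcribed wrongly somewhere and should not be trusted as an indicator.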

Targets

    • Target

      2d4d05b631706435636bcbeab5146fcc390cc5d44f5f57f462684a391feecd72

    • Size

      833KB

    • MD5

      70a2b52b1f35c6f84a0e740409101970

    • SHA1

      646d939a9c6584fc332e22ea77c46739d6844efd

    • SHA256

      2d4d05b631706435636bcbeab5146fcc390cc5d44f5f57f462684a391feecd72

    • SHA512

      00492365ba34785f1515f95cc855b8e4a3a02ba61e836acff3a5f48ad17f5da21e326bf2c74b4b17100b4fe86ba8b835b5410e23b579b639210bde957d568090

    • SSDEEP

      24576:LRmJkcoQricOIQxiZY1iawduFAGDT0q7qH:IJZoQrbTFZY1iawmDYIm

    Score
    10/10
    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
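Added example (not from the report or the sandbox vendor): two of the signatures above, "Adds policy Run key to start application" and "Modifies firewall policy service", are registry writes that an endpoint telemetry pipeline can catch on a live host. The detection below runs over constructed Sysmon Event ID 13 (RegistryEvent, value set) style records. It assumes, since the report does not spell out the paths, that the policy Run key is ...\CurrentVersion\Policies\Explorer\Run and that "firewall policy service" refers to the firewall policy store and service entries under HKLM\SYSTEM\CurrentControlSet\Services (SharedAccess\Parameters\FirewallPolicy, SharedAccess\Start, MpsSvc\Start). The svchost.exe allowlist is path-based and therefore spoofable; it is there to suppress Windows' own firewall writes, not as a security boundary.

```python
# Constructed Sysmon Event ID 13-style records (not taken from the report).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svc",
     "Details": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall",
     "Details": "DWORD (0x00000000)"},
    # Windows itself maintains the firewall policy store through svchost.exe; allowlisted below.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall",
     "Details": "DWORD (0x00000001)"},
    # Ordinary (non-policy) Run key: common for legitimate software, deliberately not matched here.
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\app.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Vendor",
     "Details": r"C:\Program Files\Vendor\app.exe"},
    # Process-creation event: wrong event type for these rules, skipped.
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "CommandLine": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
]

# Assumed registry locations behind the report's signatures (lower-cased for matching).
POLICY_RUN_KEY = "\\currentversion\\policies\\explorer\\run\\"
FIREWALL_PATHS = (
    "\\services\\sharedaccess\\parameters\\firewallpolicy\\",
    "\\services\\sharedaccess\\start",
    "\\services\\mpssvc\\start",
)
# Path-based allowlist for the OS's own firewall writer; spoofable, so treat as noise reduction only.
TRUSTED_FIREWALL_WRITERS = (r"c:\windows\system32\svchost.exe",)


def rule_policy_run_key(event):
    """Persistence via the Explorer policy Run key, which is less visible than HKCU\...\Run."""
    return POLICY_RUN_KEY in event["TargetObject"].lower()


def rule_firewall_policy(event):
    """Write to the firewall policy store or firewall service config by a non-allowlisted image."""
    target = event["TargetObject"].lower()
    if not any(path in target for path in FIREWALL_PATHS):
        return False
    return event["Image"].lower() not in TRUSTED_FIREWALL_WRITERS


RULES = (
    ("policy_run_key", rule_policy_run_key),
    ("firewall_policy_modified", rule_firewall_policy),
)


def evaluate(events):
    """Return (rule name, image, target object) for every registry-set event a rule matches."""
    hits = []
    for event in events:
        if event.get("EventID") != 13:
            continue
        for name, rule in RULES:
            if rule(event):
                hits.append((name, event["Image"], event["TargetObject"]))
    return hits


if __name__ == "__main__":
    for name, image, target in evaluate(SAMPLE_EVENTS):
        print(f"{name}: {image} -> {target}")
```

On the constructed input only the two writes by dropped.exe fire: the svchost.exe firewall write is allowlisted and the ordinary Run key is left to a lower-severity rule. Pairing either hit with the report's "Executes dropped EXE" and "Deletes itself" behaviours (an image under a user-writable Temp path that later disappears) is what turns a single registry event into a credible alert.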
