General

  • Target

    a2ff6782f66feda136d8f1834a51bbd9c1435a167f51aaed606feddd35abf9b6

  • Size

    132KB

  • Sample

    221004-ekwngsbehn

  • MD5

    4b59d918a65cfb6e545ca113ef4a9051

  • SHA1

    455dd67eb9d8f716f010c4b3d4bfefdf45cfbb0e

  • SHA256

    a2ff6782f66feda136d8f1834a51bbd9c1435a167f51aaed606feddd35abf9b6

  • SHA512

    07fdc7d17b156259942fe769273925d0812f757dff7dbaf3b89d1fcc7b4026a668e14d82d579641350a0c925df7cb84351a0779abd4129a0b2f2eeb1c5af8665

  • SSDEEP

    3072:Ml7/VcpCzZz6nUlkRBq1rkYzHL7/GMA0W:o7tjiArkcHfQ

Score
10/10
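Before acting on a report like this one, an analyst should confirm that the file in hand is the same object the sandbox scored. The following is an added example (not part of the report or the sandbox vendor's tooling) that recomputes the four cryptographic hashes listed above with Python's standard library and compares them, and that parses the SSDEEP string into its block size and chunk hashes. The comparability rule encoded in `ssdeep_comparable` is the standard one: ssdeep only scores two signatures whose block sizes are equal or differ by exactly a factor of two, so a mismatch in block size means "no result", not "no similarity". The function and constant names are this example's own.

```python
import hashlib

# Hash values copied from the report's General section.
REPORT_HASHES = {
    "md5": "4b59d918a65cfb6e545ca113ef4a9051",
    "sha1": "455dd67eb9d8f716f010c4b3d4bfefdf45cfbb0e",
    "sha256": "a2ff6782f66feda136d8f1834a51bbd9c1435a167f51aaed606feddd35abf9b6",
    "sha512": ("07fdc7d17b156259942fe769273925d0812f757dff7dbaf3b89d1fcc7b4026a6"
               "68e14d82d579641350a0c925df7cb84351a0779abd4129a0b2f2eeb1c5af8665"),
}
REPORT_SSDEEP = "3072:Ml7/VcpCzZz6nUlkRBq1rkYzHL7/GMA0W:o7tjiArkcHfQ"


def compute_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_sample(data: bytes, expected: dict) -> list:
    """Return the names of the digests that do NOT match the expected values.

    An empty list means every listed digest matched. Expected values are
    lowercased so a hash pasted from a tool that prints uppercase still compares.
    """
    actual = compute_hashes(data)
    return [name for name, value in expected.items()
            if actual.get(name) != value.strip().lower()]


def parse_ssdeep(signature: str) -> tuple:
    """Split 'blocksize:chunk:doublechunk' into (int, str, str)."""
    block, chunk, double_chunk = signature.split(":", 2)
    return int(block), chunk, double_chunk


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """ssdeep can only score two signatures whose block sizes are equal or
    differ by a factor of two; anything else yields no comparison at all."""
    block_a = parse_ssdeep(sig_a)[0]
    block_b = parse_ssdeep(sig_b)[0]
    return block_a == block_b or block_a == 2 * block_b or block_b == 2 * block_a


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <path-to-local-copy>
    with open(sys.argv[1], "rb") as fh:
        mismatches = verify_sample(fh.read(), REPORT_HASHES)
    print("hashes match report" if not mismatches else f"MISMATCH: {mismatches}")
    print("ssdeep block size:", parse_ssdeep(REPORT_SSDEEP)[0])
```

Run it against the local copy of the sample; any entry in the mismatch list means you are looking at a different file (or a truncated download) and none of the behaviour below can be assumed to apply to it.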

Malware Config

Targets

    • Target

      a2ff6782f66feda136d8f1834a51bbd9c1435a167f51aaed606feddd35abf9b6

    • Size

      132KB

    • MD5

      4b59d918a65cfb6e545ca113ef4a9051

    • SHA1

      455dd67eb9d8f716f010c4b3d4bfefdf45cfbb0e

    • SHA256

      a2ff6782f66feda136d8f1834a51bbd9c1435a167f51aaed606feddd35abf9b6

    • SHA512

      07fdc7d17b156259942fe769273925d0812f757dff7dbaf3b89d1fcc7b4026a668e14d82d579641350a0c925df7cb84351a0779abd4129a0b2f2eeb1c5af8665

    • SSDEEP

      3072:Ml7/VcpCzZz6nUlkRBq1rkYzHL7/GMA0W:o7tjiArkcHfQ

    Score
    10/10
    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

      Setting another thread's context is a common step in process hollowing and thread hijacking.
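Three of the behaviours listed above leave artifacts that endpoint telemetry records as writes: the Run key entry, the Explorer hidden-file settings, and the autorun.inf dropped on a volume root. The following is an added example, not code from the report or the sandbox vendor, that runs simple detection logic over a handful of constructed events shaped like Sysmon records (EventID 13 = RegistryEvent Value Set, EventID 11 = FileCreate; field names mirror Sysmon's, the values are made up for this example). The registry reads behind "Checks computer location settings" and "Maps connected drives" are not covered because Sysmon does not log registry reads. The allowlist excluding explorer.exe from the hidden-files rule is this example's own assumption: that is the process that normally writes those values when a user toggles the setting, so flagging every writer would be noisy.

```python
import re

# Constructed events (not telemetry from this report) with Sysmon-style fields.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\upd.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\upd",
     "Details": r"C:\Users\victim\AppData\Roaming\upd.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\upd.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 11, "Image": r"C:\Users\victim\AppData\Roaming\upd.exe",
     "TargetFilename": r"E:\autorun.inf"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\victim\Documents\notes.txt"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

# Run and RunOnce under any hive (HKU\<SID>\... or HKLM\...).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# The two Explorer values that control display of hidden and system files.
EXPLORER_HIDDEN = re.compile(r"\\Explorer\\Advanced\\(Hidden|ShowSuperHidden)$", re.I)
# autorun.inf only matters at the root of a volume.
AUTORUN_INF = re.compile(r"^[A-Z]:\\autorun\.inf$", re.I)
# Assumed allowlist: the process that legitimately writes the Explorer values.
BENIGN_EXPLORER_WRITERS = {r"c:\windows\explorer.exe"}


def classify(event: dict) -> list:
    """Return the detection tags an event trips (empty list = nothing suspicious)."""
    tags = []
    image = event.get("Image", "").lower()
    if event.get("EventID") == 13:
        target = event.get("TargetObject", "")
        if RUN_KEY.search(target):
            tags.append("run_key_persistence")
        if EXPLORER_HIDDEN.search(target) and image not in BENIGN_EXPLORER_WRITERS:
            tags.append("explorer_hidden_files_tamper")
    elif event.get("EventID") == 11:
        if AUTORUN_INF.match(event.get("TargetFilename", "")):
            tags.append("autorun_inf_drop")
    return tags


def triage(events: list) -> dict:
    """Group tripped tags by the writing process so one binary doing several of
    these things stands out, as the sample in this report does."""
    hits = {}
    for event in events:
        tags = classify(event)
        if tags:
            hits.setdefault(event.get("Image", ""), set()).update(tags)
    return {image: sorted(tags) for image, tags in hits.items()}


if __name__ == "__main__":
    for image, tags in triage(SAMPLE_EVENTS).items():
        print(image, "->", ", ".join(tags))
```

The point of grouping by image rather than alerting per event is that each rule on its own has benign hits (installers add Run keys, users toggle hidden files); a single unsigned binary from a user-writable path tripping all three is what should page someone.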

MITRE ATT&CK Enterprise v6

Tasks