Overview

overview

10

Static

static

6beb38b239...19.exe

windows7-x64

10

6beb38b239...19.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    6beb38b23964322e9fcc881ef51e7819

  • Size

    408KB

  • Sample

    221004-x5bg6acdhr

  • MD5

    6beb38b23964322e9fcc881ef51e7819

  • SHA1

    71277568877c51cbb7a741a21cf96fc2e18d9e18

  • SHA256

    85cfd8c4a34c7552ab58def454a0a286195f0522238406e4ab40e39724194c7a

  • SHA512

    93b9d0ef14d9bf0437936f1c83c3b028e767c9a95287e4d7eaf6d32d123e91cd47dbf15c9f6735378752c4523cba530ca949b7f3b780fe31007886bd612f77df

  • SSDEEP

    12288:4XgvmzFHi0mo5aH0qMzd58+7FksPJQPDHvd:4XgvOHi0mGaH0qSdlFkG4V

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      6beb38b23964322e9fcc881ef51e7819

    • Size

      408KB

    • MD5

      6beb38b23964322e9fcc881ef51e7819

    • SHA1

      71277568877c51cbb7a741a21cf96fc2e18d9e18

    • SHA256

      85cfd8c4a34c7552ab58def454a0a286195f0522238406e4ab40e39724194c7a

    • SHA512

      93b9d0ef14d9bf0437936f1c83c3b028e767c9a95287e4d7eaf6d32d123e91cd47dbf15c9f6735378752c4523cba530ca949b7f3b780fe31007886bd612f77df

    • SSDEEP

      12288:4XgvmzFHi0mo5aH0qMzd58+7FksPJQPDHvd:4XgvOHi0mGaH0qSdlFkG4V

    Score
    10/10
    evasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Adds policy Run key to start application

      persistence

    • Disables RegEdit via registry modification

      evasion

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks