Overview

overview

10

Static

static

8e949e2926...17.dll

windows7-x64

10

8e949e2926...17.dll

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8e949e29263b03068494c7575186800b415eee20a12ebbbbf42d25f3d5f07c17

  • Size

    220KB

  • Sample

    221011-ct4z4sbaam

  • MD5

    6314ee24ce37b1b58a5cc56d2db97a82

  • SHA1

    68cdcdce42415574c26fca8b85890107cd546623

  • SHA256

    8e949e29263b03068494c7575186800b415eee20a12ebbbbf42d25f3d5f07c17

  • SHA512

    c35871d10fbae39c8a68ffdfe0a2d95124220b935572347560c7bb2c14b6aebb85c82b57fdaaf260dc5bda1d20b097520ae68dc858682efd87d4189e34835156

  • SSDEEP

    3072:992AyxWjzqTP74jLfJYlbPrLQE3Tv5LydpMjmhTAHQJHgu0ykMeYHzRyAl/JF:z2ZWjzeP7kGrVQjh8wJZ3hlzRyQxF

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      8e949e29263b03068494c7575186800b415eee20a12ebbbbf42d25f3d5f07c17

    • Size

      220KB

    • MD5

      6314ee24ce37b1b58a5cc56d2db97a82

    • SHA1

      68cdcdce42415574c26fca8b85890107cd546623

    • SHA256

      8e949e29263b03068494c7575186800b415eee20a12ebbbbf42d25f3d5f07c17

    • SHA512

      c35871d10fbae39c8a68ffdfe0a2d95124220b935572347560c7bb2c14b6aebb85c82b57fdaaf260dc5bda1d20b097520ae68dc858682efd87d4189e34835156

    • SSDEEP

      3072:992AyxWjzqTP74jLfJYlbPrLQE3Tv5LydpMjmhTAHQJHgu0ykMeYHzRyAl/JF:z2ZWjzeP7kGrVQjh8wJZ3hlzRyQxF

    Score
    10/10
    evasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks