General

  • Target

    c353fb02fdb1b255bb240e8c0bb110ff1f2aa00cef7ddbf6c01191af7c87011a

  • Size

    105KB

  • Sample

    221011-lmdn1sgehj

  • MD5

    460361937f3f63f107315d195eb38c56

  • SHA1

    0ece1f2c62d62bfbe127b588ef1bc26bd9afade9

  • SHA256

    c353fb02fdb1b255bb240e8c0bb110ff1f2aa00cef7ddbf6c01191af7c87011a

  • SHA512

    a989d778d6d4dbdbb19b9a3fdc18888c859b4273856288d19fd10baaf8ce4a5b055e5ebe6afed287e670b4a129545ed47046577fdba93552adc3a5d96c0442dd

  • SSDEEP

    3072:Gz5s6DhjVs8sjwqwlLujC+52Xa5kxJQy8FN:Is2hMjw/coK5++z

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect execution of a suspended thread, as in process hollowing.
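The signatures above each map to a small set of host artifacts (registry reads and writes, a file dropped to a volume root, an API call, a dropped file later executed or loaded). The script below is an added example, not part of this report and not the sandbox's own rule set: it replays a constructed event trace through rules for each signature listed on this page. The registry paths, file names and API names in the rules are assumptions about what such signatures typically check, not values taken from the report.

```python
"""Flag sandbox-style behaviour events against the signature categories listed above.

Added example, not from the original report or the sandbox's rule set. The
registry paths, file names and API names are assumed locations for each
behaviour; the event trace is constructed for illustration.
"""
import re
from collections import defaultdict

# Stateless rules: signature name -> (event type, regex over the event target).
# Paths are assumed well-known locations, not taken from the report.
RULES = {
    "Modifies visibility of hidden/system files in Explorer": (
        "reg_write",
        re.compile(r"\\Explorer\\Advanced\\(Hidden|ShowSuperHidden)$", re.I),
    ),
    "Checks computer location settings": (
        "reg_read",
        re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    ),
    "Adds Run key to start application": (
        "reg_write",
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I),
    ),
    "Maps connected drives based on registry": (
        "reg_read",
        re.compile(r"\\Services\\Disk\\Enum", re.I),
    ),
    "Drops autorun.inf file": (
        "file_write",
        re.compile(r"^[A-Z]:\\autorun\.inf$", re.I),
    ),
    "Suspicious use of SetThreadContext": (
        "api_call",
        re.compile(r"^SetThreadContext$"),
    ),
}


def match_events(events):
    """Return {signature: [matching targets]} for a list of (event_type, target) tuples.

    "Executes dropped EXE" and "Loads dropped DLL" are stateful: a process start
    or image load only counts if the same path was written earlier in the trace.
    """
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths written by the sample so far
    for ev_type, target in events:
        if ev_type == "file_write":
            dropped.add(target.lower())
        elif ev_type == "process_create" and target.lower() in dropped:
            hits["Executes dropped EXE"].append(target)
        elif ev_type == "image_load" and target.lower() in dropped:
            hits["Loads dropped DLL"].append(target)
        for name, (rule_type, pattern) in RULES.items():
            if ev_type == rule_type and pattern.search(target):
                hits[name].append(target)
    return dict(hits)


# Constructed trace resembling what a sandbox records for a sample like this one.
SAMPLE_EVENTS = [
    ("reg_read", r"HKCU\Control Panel\International\Geo\Nation"),
    ("reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"),
    ("reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden"),
    ("reg_read", r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"),
    ("reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost"),
    ("file_write", r"E:\autorun.inf"),
    ("file_write", r"C:\Users\user\AppData\Local\Temp\drop.exe"),
    ("process_create", r"C:\Users\user\AppData\Local\Temp\drop.exe"),
    ("file_write", r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    ("image_load", r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    ("image_load", r"C:\Windows\System32\kernel32.dll"),  # not dropped: no hit
    ("api_call", "SetThreadContext"),
    ("reg_read", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),  # read only: no hit
]


def triage(events=SAMPLE_EVENTS):
    """Run the rules over a trace and return the signature hits."""
    return match_events(events)


if __name__ == "__main__":
    for name, targets in triage().items():
        print(f"[+] {name}: {', '.join(targets)}")
```

The Run-key read at the end and the kernel32.dll load are deliberate negatives: only a write to Run, and only a load of a path the sample itself dropped, should trigger the corresponding signature.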

MITRE ATT&CK Enterprise v6

Tasks