General

  • Target

    3276db7f11598eaafef62fc91e4ba3e74f1f0af026680354bd54fbf05047a7cf

  • Size

    52KB

  • Sample

    221011-w7ef6ahgeq

  • MD5

    25929b1fcca467376be28c16b343dfd1

  • SHA1

    47bcd0caa4dc7c2ded8d71123b1a9f809b7d0824

  • SHA256

    3276db7f11598eaafef62fc91e4ba3e74f1f0af026680354bd54fbf05047a7cf

  • SHA512

    8a7d6b0df939c9eba4571fdf52cac421fd22ba6f9b4bb3479424fe5c4b41bf1b3e5e3f296fc6bcaee631da8e24df4ca6d83be27f6ac802073e98250985d2c876

  • SSDEEP

    768:dQuv2gO+StVHnBWEPLTH+unLQgc9rbbJOzpHqmC:Bv2RtVbTH+urc9lOzpHx

Score
10/10

Malware Config

Targets

    Score
    10/10

    • Modifies firewall policy service

    • Molebox Virtualization software

      Detects file using Molebox Virtualization software.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks