General

  • Target

    c3e144f23d77a8368bbb2be2d39fe8648ee9512fd6acbfa3b9cee1043f153f31

  • Size

    112KB

  • Sample

    221012-rb9j7seegl

  • MD5

    55a29880b3c0b856553d06d6038dd6e0

  • SHA1

    5ba18377bbb7dd4064fc34c6362636d710fdc367

  • SHA256

    c3e144f23d77a8368bbb2be2d39fe8648ee9512fd6acbfa3b9cee1043f153f31

  • SHA512

    ef1667ecc920a89a7e9b7896e1bcaa361ffe7effe9296bd5785c4a477f4b28fc364a1987db3045ac3585b644b3de8e4b27767852a8b51a98e800b3e07b1dfdf5

  • SSDEEP

    1536:ShlVke+XuQa6cRvyG7BjqswYuKA4aBCEFwOq4CRRH3mKhybARA:1BCsGoSuKA427+0K+H

Score
10/10

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext
