General

  • Target

    cd9dd83cb08a0406cb6a940e458d7172cc09a1a49cac86f15b601a9f7fd84543

  • Size

    88KB

  • Sample

    221014-l87h8aagb8

  • MD5

    76b9593b7b1b4e1bb3296fb23b6f9507

  • SHA1

    954d3d752db56ebb2dc6fb801dcf7eaf2eda45fa

  • SHA256

    cd9dd83cb08a0406cb6a940e458d7172cc09a1a49cac86f15b601a9f7fd84543

  • SHA512

    e283c9ff829b7c319bbad489b22425b009d850abc1791f8be266260d5f0f6b4e68635fb387bc8173abdca6f81cf00ca94b88fa1d66392c99f9df8a5e64d96675

  • SSDEEP

    1536:bf9eJl4ZJzK3CdFGupcDAgZu38P7j+bID+ZXuTvorscL:L9NnOCOuMAg7j+0D+KvaL

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks