General

  • Target

    c1a9401ca7e1b5c9a7028b3f85ad4c0fe0baeb81e8910462aac2407676067794

  • Size

    120KB

  • Sample

    221019-spq6fsdgal

  • MD5

    a135ca890d4b68f7d1be3dea5fa47330

  • SHA1

    54a1dd6be3d94d128331517d407a909121fd417f

  • SHA256

    c1a9401ca7e1b5c9a7028b3f85ad4c0fe0baeb81e8910462aac2407676067794

  • SHA512

    a6d54d7f84743887bfeeb80ff6f010e78463e5d14d3434183c5bd7b926f36b915339d3673d686b5b80c9bb4aa6939d294a7036b6e67e33f45ac044ad8b4c280c

  • SSDEEP

    3072:dUtdUkofMiT5QgK3yiDnmXf66o4xBz1UxuIIu5:dm9iTVCnnmXf66oUBRUxuID5

Score
10/10

Malware Config

Targets

    • Target

      c1a9401ca7e1b5c9a7028b3f85ad4c0fe0baeb81e8910462aac2407676067794

    Score
    10/10

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks