Overview

overview

10

Static

static

7ac67d79ce...f2.exe

windows7-x64

10

7ac67d79ce...f2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7ac67d79ce72e15bd378aa51c0186b6e4c5e7f42e541c10eda1ff429aa7ef7f2

  • Size

    520KB

  • Sample

    221020-23wsjaadhk

  • MD5

    43e7243b4aca6cac46c6cfb738ff86c0

  • SHA1

    6c4368754da1e6b3997118a6257ec8808c6d42ff

  • SHA256

    7ac67d79ce72e15bd378aa51c0186b6e4c5e7f42e541c10eda1ff429aa7ef7f2

  • SHA512

    135329c2c81961d59120a97605f5926feb412020e618d836628fbd27cc32711c9603b02cfb3657b152d4966716cd08159d7a33abecfef0f1be79ed77c9d3c8ac

  • SSDEEP

    12288:/6bvdl0zCB8EDItMTzwg7lMQsvNuqZBRbZEYTwdD7IjLgv1E:AvdezCByqTtlMQsFuqzRbzI7IOE

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      7ac67d79ce72e15bd378aa51c0186b6e4c5e7f42e541c10eda1ff429aa7ef7f2

    • Size

      520KB

    • MD5

      43e7243b4aca6cac46c6cfb738ff86c0

    • SHA1

      6c4368754da1e6b3997118a6257ec8808c6d42ff

    • SHA256

      7ac67d79ce72e15bd378aa51c0186b6e4c5e7f42e541c10eda1ff429aa7ef7f2

    • SHA512

      135329c2c81961d59120a97605f5926feb412020e618d836628fbd27cc32711c9603b02cfb3657b152d4966716cd08159d7a33abecfef0f1be79ed77c9d3c8ac

    • SSDEEP

      12288:/6bvdl0zCB8EDItMTzwg7lMQsvNuqZBRbZEYTwdD7IjLgv1E:AvdezCByqTtlMQsFuqzRbzI7IOE

    Score
    10/10
    evasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Adds policy Run key to start application

      persistence

    • Disables RegEdit via registry modification

      evasion

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks