General

  • Target

    a1eb043b5a3073ee43e9f0ed0b0c953d24c82d07a76c854a9a7725ee0f52865f

  • Size

    244KB

  • Sample

    221020-l5d3haghf8

  • MD5

    96a30977030425f1ce019abc1c64cfa0

  • SHA1

    b3142566d362ba4b416c12552cc31c609d20a3d0

  • SHA256

    a1eb043b5a3073ee43e9f0ed0b0c953d24c82d07a76c854a9a7725ee0f52865f

  • SHA512

    b57029b28fa43d22fc7a1ae92171e9a5a406255f2871246ee4572ca5b93401b69c403e88d924f0c9608d14a1bb679621f7ab24dbd6410ebb562d21d993c81475

  • SSDEEP

    6144:NUSRXvYPaCFAHloZ7H8++/YfrLCPmmDISxLKA1fNUVvj7r:NEPa4AHloZ7H8++/YfrLJmDISxLKApNC

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks