General

  • Target

    dc863c2b155b3e72ab29e5bc2ef9b163565e772c4250dc0bbf131bf033100f78

  • Size

    83KB

  • Sample

    221020-sm5aasahdj

  • MD5

    9049bf191917a227e1fffc4f0f80aa90

  • SHA1

    e56f0b6a7eb81e5f38cb7da359e56dd61b443030

  • SHA256

    dc863c2b155b3e72ab29e5bc2ef9b163565e772c4250dc0bbf131bf033100f78

  • SHA512

    20c09ee60ba0860d5ae1cffca7e24a47df95630864ad023b3f7ec16ab3346702546dbc67916a77336bff181ea32535e1c9d39a6292c4b8dba18932ba909c45a5

  • SSDEEP

    1536:sIWOv8sIxm87bbGwoLNqx+hAc1Xaq/rSyVEIhf49ZcNU:4OvGSOcd/zXak82NU

Score
10/10

Malware Config

Targets

    • Target

      dc863c2b155b3e72ab29e5bc2ef9b163565e772c4250dc0bbf131bf033100f78

    • Size

      83KB

    • MD5

      9049bf191917a227e1fffc4f0f80aa90

    • SHA1

      e56f0b6a7eb81e5f38cb7da359e56dd61b443030

    • SHA256

      dc863c2b155b3e72ab29e5bc2ef9b163565e772c4250dc0bbf131bf033100f78

    • SHA512

      20c09ee60ba0860d5ae1cffca7e24a47df95630864ad023b3f7ec16ab3346702546dbc67916a77336bff181ea32535e1c9d39a6292c4b8dba18932ba909c45a5

    • SSDEEP

      1536:sIWOv8sIxm87bbGwoLNqx+hAc1Xaq/rSyVEIhf49ZcNU:4OvGSOcd/zXak82NU

    Score
    10/10
    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext
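The signatures above are behavioural: each one keys on a registry path, a file location, or an API call observed in the trace. As an added example (not the sandbox's own engine, and not taken from this report), the following Python matcher reproduces the same eight signature names over a constructed event trace. The event tuple format and SAMPLE_EVENTS are invented for illustration; the registry locations (the Run key, Explorer\Advanced\ShowSuperHidden, Control Panel\International\Geo\Nation, SYSTEM\MountedDevices) are the real Windows paths these signatures refer to. The "dropped" EXE/DLL checks are stateful: a file only counts as dropped if an earlier event in the trace wrote it.

```python
"""Toy behavioural-signature matcher over sandbox-style events.

Added example, not the sandbox's own signature engine. The event tuple format
and SAMPLE_EVENTS are constructed for illustration; the registry paths are
the real Windows locations the report's signatures refer to.
"""
import re
from collections import OrderedDict

# Registry/file locations behind the report's signatures (real Windows paths).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)
EXPLORER_HIDDEN = re.compile(r"\\Explorer\\Advanced\\(ShowSuperHidden|Hidden)$", re.I)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
MOUNTED_DEVICES = re.compile(r"^HKLM\\SYSTEM\\MountedDevices$", re.I)
AUTORUN_INF = re.compile(r"^[A-Z]:\\autorun\.inf$", re.I)

# Constructed sample trace: (pid, operation, argument). Not from the report.
SAMPLE_EVENTS = [
    (1000, "file_write", r"C:\Users\user\AppData\Roaming\svchost.exe"),
    (1000, "file_write", r"C:\Users\user\AppData\Roaming\helper.dll"),
    (1000, "process_create", r"C:\Users\user\AppData\Roaming\svchost.exe"),
    (1001, "image_load", r"C:\Users\user\AppData\Roaming\helper.dll"),
    (1001, "image_load", r"C:\Windows\System32\kernel32.dll"),
    (1001, "reg_query", r"HKCU\Control Panel\International\Geo\Nation"),
    (1001, "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    (1001, "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden"),
    (1001, "reg_query", r"HKLM\SYSTEM\MountedDevices"),
    (1001, "file_write", r"E:\autorun.inf"),
    (1001, "api_call", "SetThreadContext"),
]


def match_signatures(events):
    """Return an ordered mapping of signature name -> list of evidence strings.

    'Dropped' means the file was written earlier in the same trace; executing
    or loading such a file is what the dropped-EXE/DLL signatures key on.
    """
    dropped = set()
    hits = OrderedDict()

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for _pid, op, arg in events:
        key = arg.lower()
        if op == "file_write":
            dropped.add(key)
            if AUTORUN_INF.match(arg):
                hit("Drops autorun.inf file", arg)
        elif op == "process_create" and key in dropped:
            hit("Executes dropped EXE", arg)
        elif op == "image_load" and key in dropped and key.endswith(".dll"):
            hit("Loads dropped DLL", arg)
        elif op == "reg_query":
            if GEO_NATION.search(arg):
                hit("Checks computer location settings", arg)
            elif MOUNTED_DEVICES.match(arg):
                hit("Maps connected drives based on registry", arg)
        elif op == "reg_set":
            if RUN_KEY.search(arg):
                hit("Adds Run key to start application", arg)
            elif EXPLORER_HIDDEN.search(arg):
                hit("Modifies visibility of hidden/system files in Explorer", arg)
        elif op == "api_call" and arg == "SetThreadContext":
            hit("Suspicious use of SetThreadContext", arg)
    return hits


def run_sample():
    """Run the matcher over the constructed trace."""
    return match_signatures(SAMPLE_EVENTS)


if __name__ == "__main__":
    for name, evidence in run_sample().items():
        print(f"{name}: {evidence}")
```

Running the block prints one line per fired signature with the event that triggered it; a system DLL load or a process launched from a path the trace never wrote does not fire the dropped-file signatures, which is the distinction a triage analyst relies on when reading "Executes dropped EXE".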

MITRE ATT&CK Enterprise v6

Tasks