General

  • Target

    98f970361bf8d0838057c73017822ad6689d3adc3aeb35eebce8ce8015507db2

  • Size

    230KB

  • Sample

    221021-ajqzdscgb4

  • MD5

    63910bbec02d2249468b4f7da50b3395

  • SHA1

    3948b9e5fa323a7ee1e61fff6e61ac879176aef0

  • SHA256

    98f970361bf8d0838057c73017822ad6689d3adc3aeb35eebce8ce8015507db2

  • SHA512

    e684aa3cd26fca577b22a49134fdffa3583db4cda8aa427218928be95f8aadd8bc35b83e6aa782bf8fb6f0cb266e9d3b2e2b3776f55aa24403bb64a3eb65cfa5

  • SSDEEP

    6144:i3C8kHwnQBgk2SyTA8h/GSZlY7INAr8dBiayt:iSTiW2zTrMSs7IVK

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
