General

  • Target

    8dad54e96225bc800e13678b214f977b86cc0565c9ed062d37d65b080a02b65a

  • Size

    120KB

  • Sample

    221021-een2fsahc3

  • MD5

    5cc0a76967670f44416f129e078fba91

  • SHA1

    d03d8f9e018b801e0bde066472aec38331b229bf

  • SHA256

    8dad54e96225bc800e13678b214f977b86cc0565c9ed062d37d65b080a02b65a

  • SHA512

    82f3dbdf3bf309a9347197db1e941237454384bdf3223b24ea4f4b707bc20f090f44bee98c966db81b768dcde0e83d27484f56674fb733e846edbe9f2391c7c2

  • SSDEEP

    3072:zUAVEBetGFeqqE7/T9Fbl1a5bmXf66o4xBz1UxuIzZd:zPgeqqou5bmXf66oUBRUxuIzD

Score
10/10

Targets

    • Target

      8dad54e96225bc800e13678b214f977b86cc0565c9ed062d37d65b080a02b65a

    • Size

      120KB

    • MD5

      5cc0a76967670f44416f129e078fba91

    • SHA1

      d03d8f9e018b801e0bde066472aec38331b229bf

    • SHA256

      8dad54e96225bc800e13678b214f977b86cc0565c9ed062d37d65b080a02b65a

    • SHA512

      82f3dbdf3bf309a9347197db1e941237454384bdf3223b24ea4f4b707bc20f090f44bee98c966db81b768dcde0e83d27484f56674fb733e846edbe9f2391c7c2

    • SSDEEP

      3072:zUAVEBetGFeqqE7/T9Fbl1a5bmXf66o4xBz1UxuIzZd:zPgeqqou5bmXf66oUBRUxuIzD

    Score
    10/10
    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext
