General

  • Target

    eee8627571f505762f99fa76a00dd49b

  • Size

    545KB

  • Sample

    221026-b4grwseeb8

  • MD5

    7a01ed4f3eccd02972956a4fe3916c83

  • SHA1

    330a4ed2fe8c7f31edd9bb0bf8c6f7b7fb65b27b

  • SHA256

    52978f4a3a49db94af4d3b9ff0330d894403a447d84146d7f05f150b7ab2b321

  • SHA512

    1c2df960bdb6911e6dd4f18ae440949d9d580f1cebc72ddcaf142c6fb892dcba47f8381b9af090f1cac8f79ea222042bc66472e6c743ce4baf1c996d6992239a

  • SSDEEP

    12288:+2o6M4p0nqiSbDeL1dE93qgs+1nIP/KxJb2lqvgi6KNE0JNJlvx3:+OM4pPvK1dEpf/CKx9+0gi6KyUlJ3

Score
8/10

Malware Config

Targets

    • Target

      622ac6e6c465d0d04af81a23edba7778728afb79afe60bcb9aff1a618b217b27

    • Size

      672KB

    • MD5

      eee8627571f505762f99fa76a00dd49b

    • SHA1

      2c86f6e468c7e0fdc84c548dc9803279197d5884

    • SHA256

      622ac6e6c465d0d04af81a23edba7778728afb79afe60bcb9aff1a618b217b27

    • SHA512

      b67035a0514aad6c500c87525067f1aebb8fdff8098f077b5223095ed1b97adfd011ca19a48cb2e79b0b14f4e33c36c2cd4aa3560d454de01319d53659a4a6c5

    • SSDEEP

      12288:IHmEbWA+E5OqBv2/K6z/c/v/RHRdre26fzPBnwYyaoprgm0aau8TItO:IHmJCOUuS6z/c5HeZbBnwYytprgyaHEc

    Score
    8/10
    • Executes dropped EXE

    • Modifies Installed Components in the registry

      Writes under the Active Setup\Installed Components key, whose StubPath commands are executed at user logon; a persistence mechanism alongside the Run key below.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from delivering debug events; an anti-debugging technique rather than normal application behaviour.
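The report describes two files: the submitted file in the General block (MD5 7a01ed4f...) and the analysed target under Targets (MD5 eee86275...), and the General block's Target field is the dropped file's MD5 rather than its own. Before working on a copy pulled from a sample repository it is worth confirming which of the two you actually hold. The script below is an added example, not part of the report or the sandbox's own tooling; it embeds the hash values listed above as constants, recomputes MD5/SHA-1/SHA-256/SHA-512 over a local file or in-memory bytes, and names the matching artifact. SSDEEP is not recomputed because it needs a third-party library. The sample bytes in the usage section are a constructed placeholder, not the malware.

```python
"""Cross-check a local file against the hashes in this sandbox report."""
import hashlib
import sys
from typing import Dict, List, Optional

# Values copied from the report. "submission" is the General block (the file
# that was submitted); "dropped" is the entry under Targets.
REPORT: Dict[str, Dict[str, str]] = {
    "submission": {
        "name": "eee8627571f505762f99fa76a00dd49b",
        "md5": "7a01ed4f3eccd02972956a4fe3916c83",
        "sha1": "330a4ed2fe8c7f31edd9bb0bf8c6f7b7fb65b27b",
        "sha256": "52978f4a3a49db94af4d3b9ff0330d894403a447d84146d7f05f150b7ab2b321",
        "sha512": "1c2df960bdb6911e6dd4f18ae440949d9d580f1cebc72ddcaf142c6fb892dcba"
                  "47f8381b9af090f1cac8f79ea222042bc66472e6c743ce4baf1c996d6992239a",
    },
    "dropped": {
        "name": "622ac6e6c465d0d04af81a23edba7778728afb79afe60bcb9aff1a618b217b27",
        "md5": "eee8627571f505762f99fa76a00dd49b",
        "sha1": "2c86f6e468c7e0fdc84c548dc9803279197d5884",
        "sha256": "622ac6e6c465d0d04af81a23edba7778728afb79afe60bcb9aff1a618b217b27",
        "sha512": "b67035a0514aad6c500c87525067f1aebb8fdff8098f077b5223095ed1b97adf"
                  "d011ca19a48cb2e79b0b14f4e33c36c2cd4aa3560d454de01319d53659a4a6c5",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def digests(data: bytes) -> Dict[str, str]:
    """Compute all four digests of an in-memory blob."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def digests_of_file(path: str) -> Dict[str, str]:
    """Same as digests() but streams a file so large samples need little RAM."""
    hashes = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashes.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashes.items()}


def compare(actual: Dict[str, str], expected: Dict[str, str]) -> List[str]:
    """Return the algorithms whose digests disagree; an empty list is a match."""
    return [alg for alg in ALGORITHMS if actual[alg] != expected[alg].lower()]


def identify(actual: Dict[str, str]) -> Optional[str]:
    """Name the report artifact these digests belong to, or None."""
    for label, expected in REPORT.items():
        if not compare(actual, expected):
            return label
    return None


def report_is_consistent() -> bool:
    """Sanity-check the transcribed values: right length, hex only."""
    for entry in REPORT.values():
        for alg, n in HEX_LENGTHS.items():
            value = entry[alg]
            if len(value) != n or any(c not in "0123456789abcdef" for c in value):
                return False
    return True


def submission_named_after_dropped() -> bool:
    """The General block's Target field is the MD5 of the dropped file."""
    return REPORT["submission"]["name"] == REPORT["dropped"]["md5"]


if __name__ == "__main__":
    if len(sys.argv) == 2:
        found = digests_of_file(sys.argv[1])
    else:
        # Constructed placeholder bytes, used only to exercise the code offline.
        found = digests(b"constructed placeholder, not the sample")
    label = identify(found)
    print("match:", label if label else "none of the report's artifacts")
    for name, expected in REPORT.items():
        print(f"  {name}: mismatching algorithms = {compare(found, expected) or 'none'}")
```

Run it as `python check.py <file>`; any mismatch list that is non-empty for both artifacts means the file is neither the submission nor the dropped target and should not be attributed to this report.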

MITRE ATT&CK Enterprise v6

Tasks