b4de403ac4ea353768eac0f8341508383cdcd6a6fc11f48ec9503a21726845de | Triage

Submit
Reports

Overview

overview

Static

static

5

b4de403ac4...de.exe

windows7-x64

b4de403ac4...de.exe

windows10-2004-x64

Sharing

General

Target

b4de403ac4ea353768eac0f8341508383cdcd6a6fc11f48ec9503a21726845de
Size

778KB
Sample

221028-15aseahdf7
MD5

0ce7da27c1c757bcafec6ccfc06d95a0
SHA1

ceb6d9839533a91098e20dec49f8774925babe5c
SHA256

b4de403ac4ea353768eac0f8341508383cdcd6a6fc11f48ec9503a21726845de
SHA512

8cb4b31a78c3dee520b202c770facf291544faf55b90eb4be4a1a68e2eeddc1d404c4b7a87008f474572b02da602b181e3006c05b274e5f88944b5236ba651e1
SSDEEP

12288:+hkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aAUuVHmNXDSqV3SxBiAszV:ORmJkcoQricOIQxiZY1iaRFNOqZ4BirV

Score

10^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b4de403ac4ea353768eac0f8341508383cdcd6a6fc11f48ec9503a21726845de.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

b4de403ac4ea353768eac0f8341508383cdcd6a6fc11f48ec9503a21726845de.exe

Resource

win10v2004-20220901-en

evasion persistence

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  b4de403ac4ea353768eac0f8341508383cdcd6a6fc11f48ec9503a21726845de
- Size
  
  778KB
- MD5
  
  0ce7da27c1c757bcafec6ccfc06d95a0
- SHA1
  
  ceb6d9839533a91098e20dec49f8774925babe5c
- SHA256
  
  b4de403ac4ea353768eac0f8341508383cdcd6a6fc11f48ec9503a21726845de
- SHA512
  
  8cb4b31a78c3dee520b202c770facf291544faf55b90eb4be4a1a68e2eeddc1d404c4b7a87008f474572b02da602b181e3006c05b274e5f88944b5236ba651e1
- SSDEEP
  
  12288:+hkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aAUuVHmNXDSqV3SxBiAszV:ORmJkcoQricOIQxiZY1iaRFNOqZ4BirV
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2024

Terms | Privacy