General

  • Target

    f5521c834e536e84b9414abe2b6869d3234433974f8c0ff27f2b9c2e1975688d

  • Size

    172KB

  • Sample

    221029-3xxcjscdf3

  • MD5

    84e66171c4269dd4768ac4b24e146bf1

  • SHA1

    30c33b3f244a9ba3af1ced14c4d957532b766df1

  • SHA256

    f5521c834e536e84b9414abe2b6869d3234433974f8c0ff27f2b9c2e1975688d

  • SHA512

    1500a84f55cd501adf34faa7758f2cf5243bcfb56f846224de75d3871797f2771be2ac5b1d85287e09da026ffc6b8833f69192de02b319b5b462fbe6ca2115b9

  • SSDEEP

    3072:28xW50S95l3hrcBaTJyB/Rxmrl8akPZEes54:28WRgiGkl8FZ6u

Score
10/10

Malware Config

Targets

    • Target

      f5521c834e536e84b9414abe2b6869d3234433974f8c0ff27f2b9c2e1975688d

    • Size

      172KB

    • MD5

      84e66171c4269dd4768ac4b24e146bf1

    • SHA1

      30c33b3f244a9ba3af1ced14c4d957532b766df1

    • SHA256

      f5521c834e536e84b9414abe2b6869d3234433974f8c0ff27f2b9c2e1975688d

    • SHA512

      1500a84f55cd501adf34faa7758f2cf5243bcfb56f846224de75d3871797f2771be2ac5b1d85287e09da026ffc6b8833f69192de02b319b5b462fbe6ca2115b9

    • SSDEEP

      3072:28xW50S95l3hrcBaTJyB/Rxmrl8akPZEes54:28WRgiGkl8FZ6u

    Score
    10/10

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks