General

  • Target

    7b5772fe091f6e76f99afbf43fbcd50249a20d8662a7b7e19ce3a598ebed2b51

  • Size

    128KB

  • Sample

    221029-tq2t1seegm

  • MD5

    83fe5e712ff3b9d8380a435b2235f7a0

  • SHA1

    98a1f24a23b0f5e5ada070e3f9cc3303378dc566

  • SHA256

    7b5772fe091f6e76f99afbf43fbcd50249a20d8662a7b7e19ce3a598ebed2b51

  • SHA512

    6bb0b1a9d47c96fcab7e6d00438fb19785a7acd24ee7a726ad1a31b8229cc5a2a243a0a2eb2f4d6c009cb59c6bc696a8990343172f9ca7c9aa47e065aa288ac2

  • SSDEEP

    3072:VBkpb8mOOgnsYA2LHVa9POE9JLLoZYgKJvBU6:3Qb8m1MW2L1a9POEv9gaa6

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks