Overview

overview

10

Static

static

ecfdc304a7...3b.exe

windows7-x64

10

ecfdc304a7...3b.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ecfdc304a74bc10896173123e83bd95cbd2fd67ce4442b2e51ab8ee66d7ab33b

  • Size

    540KB

  • Sample

    221030-d4adxsbdgk

  • MD5

    83d03c73f1e18c786eb4dbbd11ae5ec0

  • SHA1

    a4eb1fb01eb9c10b1253e0d6f3401ab46f628581

  • SHA256

    ecfdc304a74bc10896173123e83bd95cbd2fd67ce4442b2e51ab8ee66d7ab33b

  • SHA512

    6b0ef6ea04554642b3e73644e19e6cdcaa305d37acade260fe76036163b68f9592bd8b26413dfd276f89396c790b2848ee58234b7106d844ea11ff028aa82352

  • SSDEEP

    12288:BJWpXr49pjpoqnwEf/k2SzOAnkSi+fy3+tVRS:Bir49MoN/kjnQ+fTVRS

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      ecfdc304a74bc10896173123e83bd95cbd2fd67ce4442b2e51ab8ee66d7ab33b

    • Size

      540KB

    • MD5

      83d03c73f1e18c786eb4dbbd11ae5ec0

    • SHA1

      a4eb1fb01eb9c10b1253e0d6f3401ab46f628581

    • SHA256

      ecfdc304a74bc10896173123e83bd95cbd2fd67ce4442b2e51ab8ee66d7ab33b

    • SHA512

      6b0ef6ea04554642b3e73644e19e6cdcaa305d37acade260fe76036163b68f9592bd8b26413dfd276f89396c790b2848ee58234b7106d844ea11ff028aa82352

    • SSDEEP

      12288:BJWpXr49pjpoqnwEf/k2SzOAnkSi+fy3+tVRS:Bir49MoN/kjnQ+fTVRS

    Score
    10/10
    evasionpersistencetrojan

    • Modifies firewall policy service

      evasion

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks