General

  • Target

    16b6cac2c59b5e825684e20e72298850fdc1b9707d261eabb91e88c238dcf973

  • Size

    653KB

  • Sample

    221030-nvgrrahcg3

  • MD5

    7f53bd346252b0b61815f401d461171a

  • SHA1

    969d1f386e5305d0904c40ce01e3be873bf4c0c5

  • SHA256

    16b6cac2c59b5e825684e20e72298850fdc1b9707d261eabb91e88c238dcf973

  • SHA512

    d86b145a63ccb71bbeb88664d9b641f558aac236314bba490ef9927e77db325d489ab5d714bf2f9a6b6a7c70c8e933b4dc07d11f7dd287ce2915c472587b3d34

  • SSDEEP

    12288:l/iSu7Kp081EFbfcjTBJgSFghJys9WDksIiCerNc9fEiQsBc4KtyUDl:l/iPoO2jTBFAys9APGVSbsi4u

Score
8/10

Malware Config

Targets

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Sets file execution options in registry

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks