General

  • Target

    48b61a3958cde556eb4e899e7b50ff0a7aa36442f766e3509837a1ca73ebba9c

  • Size

    113KB

  • Sample

    221107-zwppjabffk

  • MD5

    0e5adb6baacb5b11296a6520e63bc676

  • SHA1

    6116f7d37cd32a127eb753c0966f5f0e913d23c4

  • SHA256

    48b61a3958cde556eb4e899e7b50ff0a7aa36442f766e3509837a1ca73ebba9c

  • SHA512

    c259f0fbdd4e5fdbf1743d9850e842a9992066a32756cc185c9047f537be2beb1bffc6ce7ea67bbeabc8ce278c9925aed3caba57e276e6b32d699e11135b8956

  • SSDEEP

    1536:48h4AMg7XJUoATsoLfcgNKhX0QRehne4cvh+NJ2uIp2xPr1qmdRmw:HMg7WTxjcdRehneVk2uIpQduw

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks