Overview

overview

10

Static

static

14380587d3...e1.exe

windows7-x64

10

14380587d3...e1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    14380587d38d14df287f13e5178d5de85f7c347d3650070b9590d4203b7dd6e1

  • Size

    177KB

  • Sample

    221123-tcpmjadf78

  • MD5

    356e76b8c5593e92b563b4938d8ee05b

  • SHA1

    3161947d5bfbdab4890aa21ff7cd894ab38f419d

  • SHA256

    14380587d38d14df287f13e5178d5de85f7c347d3650070b9590d4203b7dd6e1

  • SHA512

    5133b710e8754500be76057db85f95db68e7c340d618430ea8ff493d8b323b66a34be6680311dde683f47b7ca86dac956ea6c8a224359e547ad40bbf67589b79

  • SSDEEP

    3072:o5oPSustO686MqF74XonUokrT5LBfArjKhF1A7D9bi+N:H41D4Zok514HGC9TN

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      14380587d38d14df287f13e5178d5de85f7c347d3650070b9590d4203b7dd6e1

    • Size

      177KB

    • MD5

      356e76b8c5593e92b563b4938d8ee05b

    • SHA1

      3161947d5bfbdab4890aa21ff7cd894ab38f419d

    • SHA256

      14380587d38d14df287f13e5178d5de85f7c347d3650070b9590d4203b7dd6e1

    • SHA512

      5133b710e8754500be76057db85f95db68e7c340d618430ea8ff493d8b323b66a34be6680311dde683f47b7ca86dac956ea6c8a224359e547ad40bbf67589b79

    • SSDEEP

      3072:o5oPSustO686MqF74XonUokrT5LBfArjKhF1A7D9bi+N:H41D4Zok514HGC9TN

    Score
    10/10
    evasionpersistence

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Hidden Files and Directories

2
T1158

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Hidden Files and Directories

2
T1158

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Tasks