General

  • Target

    99f23c3c2d12d62d0e7e5c964dfb5324aaa5e7ec644c3f0114ff52907a6a5101

  • Size

    45KB

  • Sample

    221123-te7k5aha2x

  • MD5

    2ef681a786b69beb672d79c789e3f15d

  • SHA1

    b1181ba425a28b04f81d9ec319eed202695b3237

  • SHA256

    99f23c3c2d12d62d0e7e5c964dfb5324aaa5e7ec644c3f0114ff52907a6a5101

  • SHA512

    4b3948d86b7ed52c8ab1061b054f2df19a4620c8896161b394a952b1b13f7ce7490148776a71f53b30495d8b0067a7e592406ed916802b74d7ed60268f318ed6

  • SSDEEP

    768:E1AuwHyeFo6NPIFAoslbf8eRYLGXdoIFbb5omuKWcbsvwnoT9D88888888888JXz:EOxyeFo6NPCAosxYyXdF5oy3VoKz

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks