Overview

overview

10

Static

static

8c969b454a...23.exe

windows7-x64

10

8c969b454a...23.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8c969b454ab77578698564531f9104e8fefc8b148c3695ea9ad50ef5cefebb23

  • Size

    151KB

  • Sample

    221123-vq6cwahg35

  • MD5

    43dfbcb757bfc6b9bc090aa1bde65b10

  • SHA1

    3552b7d8e7ce91f41eccba153f2685ca4872fc75

  • SHA256

    8c969b454ab77578698564531f9104e8fefc8b148c3695ea9ad50ef5cefebb23

  • SHA512

    85f3722e50039aa9a3fa596b80ca250f97c9c9b49452eee9dee2770d061ebc602bf0915d55cdc6526665a25be2524aa0516a049f169480647f047b7b9c3896d8

  • SSDEEP

    3072:QoBPNVT25wUV/U1CWTxN13tA/l+w+xFeABa06/JhkEwvnRud/HhJf32cAtudUE24:+yUV/0CxcqPMoRjTpzd

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      8c969b454ab77578698564531f9104e8fefc8b148c3695ea9ad50ef5cefebb23

    • Size

      151KB

    • MD5

      43dfbcb757bfc6b9bc090aa1bde65b10

    • SHA1

      3552b7d8e7ce91f41eccba153f2685ca4872fc75

    • SHA256

      8c969b454ab77578698564531f9104e8fefc8b148c3695ea9ad50ef5cefebb23

    • SHA512

      85f3722e50039aa9a3fa596b80ca250f97c9c9b49452eee9dee2770d061ebc602bf0915d55cdc6526665a25be2524aa0516a049f169480647f047b7b9c3896d8

    • SSDEEP

      3072:QoBPNVT25wUV/U1CWTxN13tA/l+w+xFeABa06/JhkEwvnRud/HhJf32cAtudUE24:+yUV/0CxcqPMoRjTpzd

    Score
    10/10
    evasionpersistence

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Hidden Files and Directories

2
T1158

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Hidden Files and Directories

2
T1158

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Tasks