Overview

overview

10

Static

static

Details.doc

windows7-x64

10

Details.doc

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ffe897e4403a615a36bc0fda503581045a6b913dbc81efa8f614b8435cd88539

  • Size

    95KB

  • Sample

    221123-xqvmgsfg34

  • MD5

    41a811df6db25cb3f4272ff5c4333574

  • SHA1

    4dcf9cf9be1491d7e8f41cb8f69ffaac0096d3d3

  • SHA256

    ffe897e4403a615a36bc0fda503581045a6b913dbc81efa8f614b8435cd88539

  • SHA512

    a9d59642abfcd96c8cefdbc870365833bb862da9c6f3d99a8d98b172ffef5e036456a78ea4df532a254062704fb172765c6983a9fa273b151faf503cd2300e85

  • SSDEEP

    1536:TEHtIyXhRkwWHj1YA+GFjC2n3zIshv5QKfLYgas1Y5jM3fTaTLIAjWuTzG3GM5jF:TEHtnXh2pxYA+cO2nkGv5lfsghEjMvOM

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      Details.Doc

    • Size

      423KB

    • MD5

      f3e569bd7fb69a547a0d46d9659a9000

    • SHA1

      8479251038eef078575c04fad710760a59ab0e1c

    • SHA256

      d3cb4f40b5ec7c33240944c76ef260415fcb893318589ff299d6bf3d8daabd7f

    • SHA512

      3c21b279655a7ade212d9dc3bed935aa57dd6d8d3b3871dc78613bec52102109331b926416d87265e8fbcc7cdcd3e336bebecc2d6f7d8044adea222f288b8169

    • SSDEEP

      12288:maQUr+kF48JwqkS+c+GPRnQf8ccccxKfHGL:r43q1Qf8ccccWGL

    Score
    10/10
    evasionpersistencetrojan

    • UAC bypass

      evasiontrojan

    • Adds policy Run key to start application

      persistence

    • Blocklisted process makes network request

    • Disables taskbar notifications via registry modification

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks