General

  • Target

    47efdf9a2a632987f717bfc0d957495885372aeea7f997604cae8baf288ca7ae

  • Size

    116KB

  • Sample

    221124-adxvraeb52

  • MD5

    26765b3633fbccc488873454b7ee5c51

  • SHA1

    053b4dffc1feb563f42651af91e3939305c25abc

  • SHA256

    47efdf9a2a632987f717bfc0d957495885372aeea7f997604cae8baf288ca7ae

  • SHA512

    a1e20c64326e152cd0c888db214eeb42daf3f7200e20c0f89a5da7edfb056c4331e05687d3b62c90626cd5a1ec67cadd033eabe0e46cdb723261a1567fe2a03e

  • SSDEEP

    3072:avTb+I6tpVi8VDbojq/6SYl7kE/lIS62r:MKpEsDbEobzS
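Before acting on this report, confirm that the file you hold is the same object it describes. The script below is an added example, not part of the original report or of the sandbox's tooling: it hashes a file in one pass with all four algorithms listed above and compares the results with the values copied from this page. A partial match (some digests agree, others do not) is treated as a mismatch, because it points to a transcription error in whichever list is wrong rather than to the same sample.

```python
import hashlib
import sys

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests copied verbatim from the General section of this report.
REPORTED = {
    "md5": "26765b3633fbccc488873454b7ee5c51",
    "sha1": "053b4dffc1feb563f42651af91e3939305c25abc",
    "sha256": "47efdf9a2a632987f717bfc0d957495885372aeea7f997604cae8baf288ca7ae",
    "sha512": "a1e20c64326e152cd0c888db214eeb42daf3f7200e20c0f89a5da7edfb056c433"
              "1e05687d3b62c90626cd5a1ec67cadd033eabe0e46cdb723261a1567fe2a03e",
}


def hash_stream(chunks) -> dict:
    """Feed every chunk to all four digests so a large file is read once."""
    digests = {name: hashlib.new(name) for name in ALGOS}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data: bytes) -> dict:
    return hash_stream([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    def chunks():
        with open(path, "rb") as fh:
            while block := fh.read(chunk_size):
                yield block
    return hash_stream(chunks())


def compare(computed: dict, reported: dict) -> dict:
    """Per-algorithm match table; hex digests compare case-insensitively."""
    return {
        name: computed[name].lower() == value.lower()
        for name, value in reported.items()
        if name in computed
    }


def verdict(results: dict) -> str:
    matched = sum(1 for ok in results.values() if ok)
    if matched == len(results):
        return "match"
    if matched == 0:
        return "no match"
    # Some digests agree and some do not: one of the two hash lists is wrong,
    # so do not treat the file as the reported sample.
    return "partial"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: verify_sample.py <file>")
    computed = hash_file(sys.argv[1])
    table = compare(computed, REPORTED)
    for name, ok in table.items():
        print(f"{name:7s} {'OK ' if ok else 'BAD'} {computed[name]}")
    print("verdict:", verdict(table))
```

Only a full match means you are looking at the file this report analysed; a file that merely shares the 116KB size or a similar SSDEEP is a different object and needs its own detonation.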

Score
10/10

Malware Config

Targets

    • Target

      47efdf9a2a632987f717bfc0d957495885372aeea7f997604cae8baf288ca7ae

    • Size

      116KB

    • MD5

      26765b3633fbccc488873454b7ee5c51

    • SHA1

      053b4dffc1feb563f42651af91e3939305c25abc

    • SHA256

      47efdf9a2a632987f717bfc0d957495885372aeea7f997604cae8baf288ca7ae

    • SHA512

      a1e20c64326e152cd0c888db214eeb42daf3f7200e20c0f89a5da7edfb056c4331e05687d3b62c90626cd5a1ec67cadd033eabe0e46cdb723261a1567fe2a03e

    • SSDEEP

      3072:avTb+I6tpVi8VDbojq/6SYl7kE/lIS62r:MKpEsDbEobzS

    Score
    10/10
• Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

Looks up the country code configured in the registry, likely a geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

Disk information is often read in order to detect sandbox environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext
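The "Drops autorun.inf file" signature above is the one that matters for containment, because it means the sample tries to reach any volume the infected host touches. The triage helper below is an added example, not part of the original report or of the sandbox's own signatures: it parses an autorun.inf and flags the directives that launch a program (open, shellexecute, shell\...\command), a forced UseAutoPlay, and an action string that imitates Explorer's default "Open folder to view files" prompt. The sample file contents are constructed for illustration and are not taken from this report; the path under RECYCLER and the file name are assumptions.

```python
import re
from dataclasses import dataclass
from pathlib import Path

# Directives that make Windows run something when the volume is opened.
LAUNCH_DIRECTIVES = {"open", "shellexecute"}
COMMAND_KEY = re.compile(r"^shell\\[^\\]+\\command$")


@dataclass
class Finding:
    directive: str
    value: str
    reason: str


def parse_autorun(text: str) -> dict:
    """Minimal INI parser: lowercases section and key names, keeps order and
    duplicates (configparser's strict mode would reject duplicate keys)."""
    sections: dict = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, [])
            continue
        if "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current].append((key.strip().lower(), value.strip()))
    return sections


def triage_autorun(text: str) -> list:
    findings = []
    for key, value in parse_autorun(text).get("autorun", []):
        if key in LAUNCH_DIRECTIVES:
            findings.append(Finding(key, value, "runs a program when the volume is opened"))
        elif COMMAND_KEY.match(key):
            findings.append(Finding(key, value, "overrides an Explorer context-menu verb"))
        elif key == "useautoplay" and value == "1":
            findings.append(Finding(key, value, "forces AutoPlay on a non-optical volume"))
        elif key == "action" and "open folder" in value.lower():
            findings.append(Finding(key, value, "imitates the default AutoPlay prompt"))
    return findings


def triage_volume(root: str) -> list:
    """Check the autorun.inf at a volume root, e.g. 'E:\\' or a mounted image."""
    inf = Path(root) / "autorun.inf"
    if not inf.is_file():
        return []
    return triage_autorun(inf.read_text(errors="replace"))


# Constructed sample in the style of worm-dropped autorun.inf files (not from this report).
AUTORUN_SAMPLE = r"""[autorun]
open=RECYCLER\S-1-5-21\svchost.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open\command=RECYCLER\S-1-5-21\svchost.exe
shell\explore\command=RECYCLER\S-1-5-21\svchost.exe
UseAutoPlay=1
"""

# Constructed benign sample: a custom icon and label only.
BENIGN_SAMPLE = r"""[autorun]
icon=setup.exe,0
label=Driver CD
"""

if __name__ == "__main__":
    for f in triage_autorun(AUTORUN_SAMPLE):
        print(f"{f.directive:22s} {f.reason}: {f.value}")
```

A hit here is a review item, not a verdict on its own: installer media legitimately use open= and icon=, so pair the finding with the target path (a dropped executable under RECYCLER or a hidden System Volume Information directory is the classic tell, and matches the "Modifies visibility of hidden/system files" signature above). Even where a modern Windows build ignores autorun.inf on removable disks, the file is still evidence of the spreading attempt and a cheap indicator to sweep across shares and backups.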
