Overview

overview

10

Static

static

1307e8e63c...f3.exe

windows7-x64

10

1307e8e63c...f3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1307e8e63c9388c80ffaca8ff5fe4f5e90f6c7ba2c1b7fac921ce51992cbecf3

  • Size

    240KB

  • Sample

    221124-axdk8aag5w

  • MD5

    03f644374095951656c6ee3b31d0baff

  • SHA1

    41e1a73672f4366f60d18789acea6524b423f9df

  • SHA256

    1307e8e63c9388c80ffaca8ff5fe4f5e90f6c7ba2c1b7fac921ce51992cbecf3

  • SHA512

    1ce1eb89051ab570a795d2febfe91f3cbf07bbc425901576f3e34d27df7ec16a9bb2c452f143162746288f0f563cdeadc0188996059165897037fce5ab6a9d66

  • SSDEEP

    3072:T2f3wRqQxKvxnsRcaCrGIAtpFO0bikGlY4PwVDRVkYhEfQc3pg3EgzlxM/SxAzgz:iPeyxTiICpFO0yIHc3+3pzluaW0

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      1307e8e63c9388c80ffaca8ff5fe4f5e90f6c7ba2c1b7fac921ce51992cbecf3

    • Size

      240KB

    • MD5

      03f644374095951656c6ee3b31d0baff

    • SHA1

      41e1a73672f4366f60d18789acea6524b423f9df

    • SHA256

      1307e8e63c9388c80ffaca8ff5fe4f5e90f6c7ba2c1b7fac921ce51992cbecf3

    • SHA512

      1ce1eb89051ab570a795d2febfe91f3cbf07bbc425901576f3e34d27df7ec16a9bb2c452f143162746288f0f563cdeadc0188996059165897037fce5ab6a9d66

    • SSDEEP

      3072:T2f3wRqQxKvxnsRcaCrGIAtpFO0bikGlY4PwVDRVkYhEfQc3pg3EgzlxM/SxAzgz:iPeyxTiICpFO0yIHc3+3pzluaW0

    Score
    10/10
    evasionpersistence

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Hidden Files and Directories

2
T1158

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Hidden Files and Directories

2
T1158

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Tasks