Overview

overview

8

Static

static

Mondial Re...is.exe

windows7-x64

8

Mondial Re...is.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a95c7104d028f8980eb66ca489f4c3caa0edcaa9f10c3b29f498dda6d44f65d5

  • Size

    157KB

  • Sample

    221124-cpgc9aba67

  • MD5

    a91e72ad1e0a66331f0467627e6cfc2c

  • SHA1

    b43bcddc7288678b0cecbc0735deef29dd58aae4

  • SHA256

    a95c7104d028f8980eb66ca489f4c3caa0edcaa9f10c3b29f498dda6d44f65d5

  • SHA512

    43e7fca23f6209a435bab3753bf8c579fc4b5538b1c60ab440a66f5cef6ade801eeffe9ee918d6f2a9b09c23b4d52f720022cfae51c55ca4a4062286e9783c9a

  • SSDEEP

    3072:KJzykPD8JI8rxUW8hbYU9Uek7KvhhsLOJlzqFskBcDi+vrA4Q:8PDmI8rOW8hRxkihRzqNBcnAH

Score
8/10
evasionpersistence

Malware Config

Targets

    • Target

      Mondial Relay - Suivi Votre Colis.exe

    • Size

      226KB

    • MD5

      cb3d410e74c8ed0c8ac007a5747b678a

    • SHA1

      601294ff8a25d831296730de135ce2fe588736ba

    • SHA256

      337b7a0119a9512632aa5349449797eff2c569382f220e279bcd595959dc82d1

    • SHA512

      1c11c657819134d9fa97e3ed387c9b74c9ed42be8d9e67d9f45ef43b988df6fee82cee076945f23e6604f20d93d2fa3b7dc296459b0f96e42523be5c7988bf2e

    • SSDEEP

      6144:JYa2oQoC72vdWAMNZxOdxey8KODF8IvXgV3nhm:JYWRC7EdWAMzQbg8d

    Score
    8/10
    evasionpersistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks