General

  • Target

    2f283fb253cc63f74a71f71367084dbb35015193fecfc112725ea5529b434524

  • Size

    510KB

  • Sample

    221124-f94wtscb58

  • MD5

    6f502f1cc527cbc62411532220e1ce86

  • SHA1

    58c1b175ef0f758bcf26dd6d36a5597d0289fd10

  • SHA256

    2f283fb253cc63f74a71f71367084dbb35015193fecfc112725ea5529b434524

  • SHA512

    cccf8a62f96bd36fb9ed7b1f3f4b7d73b6dd2ffe1f1c9a6495830cc1f067c39afa603edad0a7cd6034ba6a1d344ff233b86950bdd02c1a258cf05f6fa688d1f1

  • SSDEEP

    12288:xCTPgrnZiJiAaMVkUet7EwBI+APu2DrVkP+xnXOBI+AM0bUjr:xCTPMAzVkUetVI5u2/VkP+x6IS0b+r

Score
10/10

Malware Config

Targets

    • Target

      2f283fb253cc63f74a71f71367084dbb35015193fecfc112725ea5529b434524

    • Modifies system executable filetype association

    • Modifies visibility of file extensions in Explorer

    • Disables use of System Restore points

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                              ID     Count
  Initial Access     Replication Through Removable Media    T1091  1
  Persistence        Change Default File Association        T1042  1
  Persistence        Hidden Files and Directories           T1158  1
  Persistence        Registry Run Keys / Startup Folder     T1060  1
  Defense Evasion    Modify Registry                        T1112  3
  Defense Evasion    Hidden Files and Directories           T1158  1
  Discovery          Query Registry                         T1012  1
  Discovery          Peripheral Device Discovery            T1120  1
  Discovery          System Information Discovery           T1082  2
  Lateral Movement   Replication Through Removable Media    T1091  1
  Impact             Inhibit System Recovery                T1490  1

Tasks