Overview

overview

10

Static

static

ef2513283a...bf.exe

windows7-x64

10

ef2513283a...bf.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ef2513283a9222d180ea6e71d3f5bccf93580a070a0dba4b57d16727bdc266bf

  • Size

    445KB

  • Sample

    221124-gjgjaafg2t

  • MD5

    1f2af336629edefe5200fcca0c63be3b

  • SHA1

    853bb531a6905e4cfad60987e167fb4a8b6dbd4c

  • SHA256

    ef2513283a9222d180ea6e71d3f5bccf93580a070a0dba4b57d16727bdc266bf

  • SHA512

    03b2a02705a9678acecd85f8ebb22cfd70ed8df0c0c71c0af4737f566942bf0cb03f84693de7015f4a5af34bf9eec82d8c911cbd18d1de9d55270f24777af381

  • SSDEEP

    12288:JHICZ9iSCnm8B/Hw9pVKGCs64DVdZ3+8qFXTjQp:JoC7ijwFKlVadZ3+8qNQp

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      ef2513283a9222d180ea6e71d3f5bccf93580a070a0dba4b57d16727bdc266bf

    • Size

      445KB

    • MD5

      1f2af336629edefe5200fcca0c63be3b

    • SHA1

      853bb531a6905e4cfad60987e167fb4a8b6dbd4c

    • SHA256

      ef2513283a9222d180ea6e71d3f5bccf93580a070a0dba4b57d16727bdc266bf

    • SHA512

      03b2a02705a9678acecd85f8ebb22cfd70ed8df0c0c71c0af4737f566942bf0cb03f84693de7015f4a5af34bf9eec82d8c911cbd18d1de9d55270f24777af381

    • SSDEEP

      12288:JHICZ9iSCnm8B/Hw9pVKGCs64DVdZ3+8qFXTjQp:JoC7ijwFKlVadZ3+8qNQp

    Score
    10/10
    evasionpersistencetrojan

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • UAC bypass

      evasiontrojan

    • Adds policy Run key to start application

      persistence

    • Blocklisted process makes network request

    • Disables taskbar notifications via registry modification

      evasion

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks