Overview

overview

8

Static

static

7073f4286a...ee.exe

windows7-x64

8

7073f4286a...ee.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7073f4286a30a37b6a0faea483b79c6caa6b23133421757c515ec7388d3d19ee

  • Size

    1.8MB

  • Sample

    221124-z5p2naad76

  • MD5

    3d7684528be046a32765faf98f9ad34a

  • SHA1

    ccad496d04468852d6bd8a63d7addddfb79ff6fb

  • SHA256

    7073f4286a30a37b6a0faea483b79c6caa6b23133421757c515ec7388d3d19ee

  • SHA512

    e6dd81e302a3a5e75c48a9132f1c060c474bd8af52012db17b86ab949bbc2ebdf5032980f98efe56d2a52da8d63ff5fabfff2446712d6bf31c10587f600445f1

  • SSDEEP

    49152:yko42EJ0BHqVq+iiTCnTxQCVtPrFbdlzrk4488H:ho5ES+iiTCTxpVtPrFJp7488H

Score
8/10
persistence

Malware Config

Targets

    • Target

      7073f4286a30a37b6a0faea483b79c6caa6b23133421757c515ec7388d3d19ee

    • Size

      1.8MB

    • MD5

      3d7684528be046a32765faf98f9ad34a

    • SHA1

      ccad496d04468852d6bd8a63d7addddfb79ff6fb

    • SHA256

      7073f4286a30a37b6a0faea483b79c6caa6b23133421757c515ec7388d3d19ee

    • SHA512

      e6dd81e302a3a5e75c48a9132f1c060c474bd8af52012db17b86ab949bbc2ebdf5032980f98efe56d2a52da8d63ff5fabfff2446712d6bf31c10587f600445f1

    • SSDEEP

      49152:yko42EJ0BHqVq+iiTCnTxQCVtPrFbdlzrk4488H:ho5ES+iiTCTxpVtPrFJp7488H

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks