Overview

overview

8

Static

static

ec0daa3e40...f6.exe

windows7-x64

8

ec0daa3e40...f6.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6

  • Size

    108KB

  • Sample

    221125-1q284scd6s

  • MD5

    e478f4a5702d2d1db3955b34d4bafe70

  • SHA1

    c582678b884075ad873fb79bea641e6ef69af8db

  • SHA256

    ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6

  • SHA512

    da64bba0e41aa168949c7f236863b08efbbd9a21fab6acb63de6e532405bce34dffc9b781c7d5f600400c8ee0b689c614f6407b9644d10fcca6df12b97c9a303

  • SSDEEP

    768:dvmKZor4WvMzGBrxUv7SBEMoI9Ta0XZdPQWI9Ta0XZdPQghWcCrYW1TARcS4SFBZ:dvmKZozvMzmNiMzMF0CyJrG0CoMAtO

Score
8/10
evasionpersistence

Malware Config

Targets

    • Target

      ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6

    • Size

      108KB

    • MD5

      e478f4a5702d2d1db3955b34d4bafe70

    • SHA1

      c582678b884075ad873fb79bea641e6ef69af8db

    • SHA256

      ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6

    • SHA512

      da64bba0e41aa168949c7f236863b08efbbd9a21fab6acb63de6e532405bce34dffc9b781c7d5f600400c8ee0b689c614f6407b9644d10fcca6df12b97c9a303

    • SSDEEP

      768:dvmKZor4WvMzGBrxUv7SBEMoI9Ta0XZdPQWI9Ta0XZdPQghWcCrYW1TARcS4SFBZ:dvmKZozvMzmNiMzMF0CyJrG0CoMAtO

    Score
    8/10
    evasionpersistence

    • Looks for VMWare Tools registry key

      evasion

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks