Overview

overview

8

Static

static

15b2e980e1...dc.exe

windows7-x64

8

15b2e980e1...dc.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15b2e980e1d6df1df0918d5c504eafd037900aab654215847735f46b5900b5dc

  • Size

    600KB

  • Sample

    221125-e8x68afb2z

  • MD5

    832782e8825d602ab1f56ef028a3a09f

  • SHA1

    cdf038350ccef100415629ff7a8b17d5501c39a5

  • SHA256

    15b2e980e1d6df1df0918d5c504eafd037900aab654215847735f46b5900b5dc

  • SHA512

    dfe2c6af9adcd4237f23ac8d9b2e9688ab49c778c5403f008ec96ad96a3db3031b869adb12897037ccf0ec2d8fe99a699efb5e5c4ef5143f083747d7d0f76a9f

  • SSDEEP

    6144:xKkuO2YCt6BXyo04xS3O4F/6xOb2FxY2Fh12RrJJUzvtuQZ7TOLWxYV/8LTLEvZz:x4l3OJxOUShezvMQZy+26GZ

Score
8/10
persistence

Malware Config

Targets

    • Target

      15b2e980e1d6df1df0918d5c504eafd037900aab654215847735f46b5900b5dc

    • Size

      600KB

    • MD5

      832782e8825d602ab1f56ef028a3a09f

    • SHA1

      cdf038350ccef100415629ff7a8b17d5501c39a5

    • SHA256

      15b2e980e1d6df1df0918d5c504eafd037900aab654215847735f46b5900b5dc

    • SHA512

      dfe2c6af9adcd4237f23ac8d9b2e9688ab49c778c5403f008ec96ad96a3db3031b869adb12897037ccf0ec2d8fe99a699efb5e5c4ef5143f083747d7d0f76a9f

    • SSDEEP

      6144:xKkuO2YCt6BXyo04xS3O4F/6xOb2FxY2Fh12RrJJUzvtuQZ7TOLWxYV/8LTLEvZz:x4l3OJxOUShezvMQZy+26GZ

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks