General

  • Target

    113f1373aaeefbde43b540abc97e5a07130b6e4c926c09390e1c8fdcb622baeb

  • Size

    424KB

  • Sample

    221125-edcxssdb3t

  • MD5

    23e5784ebbdc329735c7f902049b33ae

  • SHA1

    21795c04c6aaeb050e80485a740c3bd3d1a790a2

  • SHA256

    113f1373aaeefbde43b540abc97e5a07130b6e4c926c09390e1c8fdcb622baeb

  • SHA512

    e785dbad42e11cf1ce312e27acf0b21958202be48d1308bc57f065d95c71a0cf6283139ec4d9fba27a79a29a9a1f45db72b3b4f7e6aec2e9810e334286bb72f0

  • SSDEEP

    12288:Qce6k34fTqLLvvmZ9osRNoBMnJbaRCzdG01:XzWXyosRNoBUlz1

Score
8/10

Malware Config

Targets

    • Target

      113f1373aaeefbde43b540abc97e5a07130b6e4c926c09390e1c8fdcb622baeb

    • Size / MD5 / SHA1 / SHA256 / SHA512 / SSDEEP

      Identical to the values in the General section above (this report has a single target).
    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution (vbc.exe, the Visual Basic .NET compiler, was launched by the sample; a common proxy/host process for .NET loaders)

    • Adds Run key to start application (persistence via a ...\Software\Microsoft\Windows\CurrentVersion\Run value)

    • Suspicious use of NtSetInformationThreadHideFromDebugger (the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger; an anti-analysis technique)

    • Suspicious use of SetThreadContext (rewrites another thread's register state; commonly part of process injection or hollowing, consistent with the dropped-EXE execution above)
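Three of the findings above leave host telemetry that can be checked outside the sandbox: the dropped EXE running (matchable by the hashes in this report), vbc.exe being spawned by something other than a build tool, and the Run key value. The script below is an added example, not part of the sandbox report or of any vendor tooling; it runs that logic over a handful of constructed events shaped like Sysmon Event ID 1 (process create) and Event ID 13 (registry value set). The event field names, the file paths, and the parent-process allowlist are assumptions for the example; only the hash values come from the report.

```python
import hashlib
import re

# Indicator values copied from the report above.
SAMPLE_HASHES = {
    "md5": "23e5784ebbdc329735c7f902049b33ae",
    "sha1": "21795c04c6aaeb050e80485a740c3bd3d1a790a2",
    "sha256": "113f1373aaeefbde43b540abc97e5a07130b6e4c926c09390e1c8fdcb622baeb",
}

# Run / RunOnce autostart values under HKCU or HKLM (the "Adds Run key" finding).
# Other autostart locations (Winlogon, services, startup folder) are out of scope here.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)

# Directories a standard user can write to; a Run value pointing here is
# higher-signal than one pointing into Program Files.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Public)\\", re.IGNORECASE)

# Parents that legitimately spawn the VB.NET compiler (assumption; tune per estate).
VBC_PARENT_ALLOWLIST = {"devenv.exe", "msbuild.exe", "csc.exe"}

# Constructed events in the shape of Sysmon EID 1 and EID 13 records.
# They are illustrative and were not taken from the sandbox run.
EVENTS = [
    {"id": 1, "image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "hashes": "MD5=23E5784EBBDC329735C7F902049B33AE,"
               "SHA256=113F1373AAEEFBDE43B540ABC97E5A07130B6E4C926C09390E1C8FDCB622BAEB"},
    {"id": 1, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent_image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "hashes": "SHA256=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"},
    {"id": 13, "target": r"HKU\S-1-5-21-1-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\victim\AppData\Roaming\svc\update.exe"},
    {"id": 13, "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
]


def file_hashes(data):
    """Digest a byte string with the algorithms the report lists, so a locally
    obtained file can be compared against the report's values."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def parse_sysmon_hashes(field):
    """Parse Sysmon's 'ALG=hex,ALG=hex' Hashes field into a lowercase dict."""
    out = {}
    for part in field.split(","):
        alg, sep, val = part.partition("=")
        if sep:
            out[alg.strip().lower()] = val.strip().lower()
    return out


def matches_sample(event):
    """True if any hash on a process-create event equals the report's value."""
    seen = parse_sysmon_hashes(event.get("hashes", ""))
    return any(seen.get(alg) == val for alg, val in SAMPLE_HASHES.items())


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (rule, detail) tuples for the behaviours the report flags."""
    alerts = []
    for e in events:
        if e.get("id") == 1:
            if matches_sample(e):
                alerts.append(("known_sample_executed", e["image"]))
            if (basename(e["image"]) == "vbc.exe"
                    and basename(e.get("parent_image", "")) not in VBC_PARENT_ALLOWLIST):
                alerts.append(("vbc_spawned_by_unexpected_parent", e["parent_image"]))
        elif e.get("id") == 13 and RUN_KEY_RE.search(e.get("target", "")):
            # Escalate when the autostart target lives in a user-writable directory.
            severity = "high" if USER_WRITABLE_RE.search(e.get("details", "")) else "medium"
            alerts.append((f"run_key_persistence_{severity}",
                           f'{e["target"]} -> {e["details"]}'))
    return alerts


if __name__ == "__main__":
    for rule, detail in detect(EVENTS):
        print(f"{rule}: {detail}")
```

Hash matching is the weakest of the three rules (a recompiled or re-packed build changes every digest), so in practice the Run-key and parent-process rules carry the detection; the hash check is there to confirm that the file you are looking at is the one this report describes.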

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scripting (T1064): 1
    Scheduled Task (T1053): 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1
    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Scripting (T1064): 1
    Modify Registry (T1112): 1

  The technique IDs are from ATT&CK v6. In current ATT&CK, T1064 (Scripting) has been retired in favour of T1059 (Command and Scripting Interpreter), T1060 is now T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder) and T1053 is Scheduled Task/Job; T1112 (Modify Registry) is unchanged.
Tasks