Overview

overview

10

Static

static

684d9a6f22...06.exe

windows7-x64

10

684d9a6f22...06.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    684d9a6f22dbeaade18db4926d86c3eb4b0b92d01845c50d122e79df6fb33806

  • Size

    167KB

  • Sample

    221125-jlh61afc5x

  • MD5

    98ef819f3d8f7c63fd64c818c575f54b

  • SHA1

    b6f7dec83a2d7e7fc2b39f92797c17d839186291

  • SHA256

    684d9a6f22dbeaade18db4926d86c3eb4b0b92d01845c50d122e79df6fb33806

  • SHA512

    0e2cb23d3c8e1751dc187c200ba6dac8bd2c43366495d2728aa2eaecf81b70fae6394fbdf73c354ef7daf8e8668beb0ccd1994eeb94420c9d0d15c7299d07f8c

  • SSDEEP

    3072:w6lLYNrblBWBcywybPj8J2QTHPl4c0FkTC6fUNRD5byFW:hIdfyb3WPlr0FkTCuUjD5uW

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      684d9a6f22dbeaade18db4926d86c3eb4b0b92d01845c50d122e79df6fb33806

    • Size

      167KB

    • MD5

      98ef819f3d8f7c63fd64c818c575f54b

    • SHA1

      b6f7dec83a2d7e7fc2b39f92797c17d839186291

    • SHA256

      684d9a6f22dbeaade18db4926d86c3eb4b0b92d01845c50d122e79df6fb33806

    • SHA512

      0e2cb23d3c8e1751dc187c200ba6dac8bd2c43366495d2728aa2eaecf81b70fae6394fbdf73c354ef7daf8e8668beb0ccd1994eeb94420c9d0d15c7299d07f8c

    • SSDEEP

      3072:w6lLYNrblBWBcywybPj8J2QTHPl4c0FkTC6fUNRD5byFW:hIdfyb3WPlr0FkTCuUjD5uW

    Score
    10/10
    evasionpersistencetrojan

    • UAC bypass

      evasiontrojan

    • Adds policy Run key to start application

      persistence

    • Blocklisted process makes network request

    • Disables taskbar notifications via registry modification

      evasion

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks