General

  • Target

    1dac49a6d6752628e50bc92638bdaab89ecb1783075d42236939ce944c1b979b

  • Size

    23.9MB

  • Sample

    221125-ylhykabc99

  • MD5

    03477562a5e3e8ea14776e5112145287

  • SHA1

    848c678f64d57462ac8287d26b1774e4955f59a5

  • SHA256

    1dac49a6d6752628e50bc92638bdaab89ecb1783075d42236939ce944c1b979b

  • SHA512

    fc5c5d4729941cb4f2dc559077e705b981cc53d2938429e622eb14010b03ee9b4ac28f1f1bd943e1d97832658f0a0fc6244ac4a5de4172c64975c95e84a77f71

  • SSDEEP

    393216:V6bDIK+QhSqWaMdVMXQahXezeoJiX1p7Pvhtezbu6E4Cf8/BiDaccZIofEPjcFTB:VecqSqWavHOzbcX15HXAHCtDatTfqIJB

Score
10/10
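The digests above are the report's indicators of compromise. The following Python script is an added example, not part of the report or of the sandbox that produced it: it hashes a file with the same four algorithms, compares the result with the values listed above (ssdeep is left out because it needs a third-party library), and looks for the "AU3!EA06" marker that the AutoIt v3 compiler leaves in the executables it produces. The marker check is an assumption about how the "AutoIT Executable" signature further down is triggered; the marker only says the file was built with AutoIt, not that it is malicious.

```python
import hashlib
from pathlib import Path

# Digests copied from the report above (ssdeep omitted: it needs the ssdeep package).
REPORT_HASHES = {
    "md5": "03477562a5e3e8ea14776e5112145287",
    "sha1": "848c678f64d57462ac8287d26b1774e4955f59a5",
    "sha256": "1dac49a6d6752628e50bc92638bdaab89ecb1783075d42236939ce944c1b979b",
    "sha512": "fc5c5d4729941cb4f2dc559077e705b981cc53d2938429e622eb14010b03ee9b4ac28f1f1bd943e1d97832658f0a0fc6244ac4a5de4172c64975c95e84a77f71",
}

# Marker string embedded in binaries produced by the AutoIt v3 compiler (Aut2Exe).
# Assumption for this example: its presence is what the sandbox's "AutoIT Executable"
# signature keys on. Legitimate AutoIt tools carry it too.
AUTOIT_MARKER = b"AU3!EA06"


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def compare_with_report(data: bytes) -> dict:
    """True for every digest that equals the report's value, False otherwise."""
    computed = hash_bytes(data)
    return {name: computed[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


def has_autoit_marker(data: bytes) -> bool:
    """Cheap check for a compiled AutoIt script anywhere in the file (overlay or resource)."""
    return AUTOIT_MARKER in data


def triage_file(path) -> dict:
    """Summarise one file on disk: size, digests, IOC match, AutoIt marker."""
    data = Path(path).read_bytes()
    matches = compare_with_report(data)
    return {
        "path": str(path),
        "size": len(data),
        "hashes": hash_bytes(data),
        "matches_report": all(matches.values()),
        "autoit_marker": has_autoit_marker(data),
    }


if __name__ == "__main__":
    import sys

    for p in sys.argv[1:]:
        print(triage_file(p))
```

Run it as `python triage_file.py suspect.exe`; a full match on all four digests identifies the exact sample in this report, while a marker hit without a hash match only tells you the file is another AutoIt build and deserves its own detonation.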

Malware Config

Targets

    • Target

      1dac49a6d6752628e50bc92638bdaab89ecb1783075d42236939ce944c1b979b

    • Size

      23.9MB

    • MD5

      03477562a5e3e8ea14776e5112145287

    • SHA1

      848c678f64d57462ac8287d26b1774e4955f59a5

    • SHA256

      1dac49a6d6752628e50bc92638bdaab89ecb1783075d42236939ce944c1b979b

    • SHA512

      fc5c5d4729941cb4f2dc559077e705b981cc53d2938429e622eb14010b03ee9b4ac28f1f1bd943e1d97832658f0a0fc6244ac4a5de4172c64975c95e84a77f71

    • SSDEEP

      393216:V6bDIK+QhSqWaMdVMXQahXezeoJiX1p7Pvhtezbu6E4Cf8/BiDaccZIofEPjcFTB:VecqSqWavHOzbcX15HXAHCtDatTfqIJB

    Score
    10/10
    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
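The signatures above are each a pattern over the sample's API and registry activity. The Python below is an added example (not the sandbox's own rules or code) that re-derives those same behaviours from a hooked-API trace. The trace, its event schema and the process IDs are constructed for the example; the registry paths it keys on are assumptions about what the signatures look for: the GeoID value under HKCU\Control Panel\International\Geo\Nation for the location check, HKCU\...\CurrentVersion\Run for persistence, and the Hidden/ShowSuperHidden values under HKCU\...\Explorer\Advanced for the Explorer visibility change. SetThreadContext is flagged when it targets another process, and noted as a hollowing pattern when that process was created suspended and written to first.

```python
import re

CREATE_SUSPENDED = 0x00000004  # CreateProcess flag: child starts paused, typical of process hollowing

# Constructed trace (not from the report) in the shape of a hooked-API log: one dict per call,
# with the calling pid and the arguments a detector needs. Paths and pids are illustrative.
EVENTS = [
    {"pid": 1001, "api": "RegQueryValueEx",
     "key": r"HKCU\Control Panel\International\Geo\Nation", "value": None},
    {"pid": 1001, "api": "RegSetValueEx",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "value": "ShowSuperHidden", "data": 0},
    {"pid": 1001, "api": "CreateFile", "path": r"C:\Users\Public\svc.exe", "write": True},
    {"pid": 1001, "api": "CreateFile", "path": r"C:\Users\Public\helper.dll", "write": True},
    {"pid": 1001, "api": "LoadLibrary", "path": r"C:\Users\Public\helper.dll"},
    {"pid": 1001, "api": "RegSetValueEx",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svc", "data": r"C:\Users\Public\svc.exe"},
    {"pid": 1001, "api": "CreateProcess", "image": r"C:\Users\Public\svc.exe",
     "flags": CREATE_SUSPENDED, "child_pid": 1002},
    {"pid": 1001, "api": "WriteProcessMemory", "target_pid": 1002},
    {"pid": 1001, "api": "SetThreadContext", "target_pid": 1002},
    {"pid": 1001, "api": "ResumeThread", "target_pid": 1002},
]


def _key_matches(event, pattern):
    return re.search(pattern, event.get("key", ""), re.IGNORECASE) is not None


def detect(events):
    """Return {signature name: [matching event indexes]} for the behaviours listed above."""
    hits = {}

    def hit(name, index):
        hits.setdefault(name, []).append(index)

    dropped = set()      # lower-cased paths this trace wrote to disk
    suspended = set()    # child pids created with CREATE_SUSPENDED
    written_to = set()   # pids that received WriteProcessMemory

    for i, ev in enumerate(events):
        api = ev["api"]
        if api == "CreateFile" and ev.get("write"):
            dropped.add(ev["path"].lower())
        elif api == "CreateProcess":
            if ev.get("image", "").lower() in dropped:
                hit("Executes dropped EXE", i)
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                suspended.add(ev.get("child_pid"))
        elif api == "LoadLibrary" and ev.get("path", "").lower() in dropped:
            hit("Loads dropped DLL", i)
        elif api in ("RegOpenKeyEx", "RegQueryValueEx") and \
                _key_matches(ev, r"\\Control Panel\\International\\Geo\\Nation$"):
            hit("Checks computer location settings", i)
        elif api == "RegSetValueEx":
            if _key_matches(ev, r"\\CurrentVersion\\Run(Once)?$"):
                hit("Adds Run key to start application", i)
            if _key_matches(ev, r"\\Explorer\\Advanced$") and \
                    ev.get("value") in ("Hidden", "ShowSuperHidden"):
                hit("Modifies visibility of hidden/system files in Explorer", i)
        elif api == "WriteProcessMemory":
            written_to.add(ev.get("target_pid"))
        elif api == "SetThreadContext" and ev.get("target_pid") != ev["pid"]:
            hit("Suspicious use of SetThreadContext", i)
            target = ev.get("target_pid")
            if target in suspended and target in written_to:
                hit("Process hollowing pattern (suspended child, memory written, context set)", i)
    return hits


if __name__ == "__main__":
    for name, indexes in detect(EVENTS).items():
        print(f"{name}: events {indexes}")
```

The order of the checks matters: a dropped file must be recorded before a later CreateProcess or LoadLibrary can match it, and the hollowing note only fires once a suspended child has been written to, which is why the detector keeps state across the trace instead of matching single events.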

MITRE ATT&CK Enterprise v6

Tasks