General

  • Target: 86518918c856e97fb1d39e281378202e7292cf58fd8d806f3c70356ba1804673
  • Size: 1.5MB
  • Sample: 221126-3czxyacf29
  • MD5: f599e7244d548ecafafdea2819e1ba57
  • SHA1: 39c9fd2fef29eccdf98ee2af7acdc47506f3d9e0
  • SHA256: 86518918c856e97fb1d39e281378202e7292cf58fd8d806f3c70356ba1804673
  • SHA512: a934587f3f3c32348e71635dc069b4f8892de7d00538f20e4fd585cbf7c64efc6edc3092700d663a785d637a5b6a8ae56170531698844d35b754ced5f04235b3
  • SSDEEP: 24576:xCTPMAzVkUetVI5ut/VkP+x6IS02FmZu4Pw:UPMmZuvS02FmZul

Score
10/10

Malware Config

Targets

    • Modifies system executable filetype association

    • Modifies visibility of file extensions in Explorer

    • Disables use of System Restore points

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

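The report names the behaviours but not the host artifacts behind them. The following is an added example, not part of the sandbox report or its tooling: it maps each listed signature to the registry value or file it is usually evidenced by and flags matching Sysmon-style events (Event ID 13 registry value set, Event ID 11 file create). The path patterns, the data checks and the current ATT&CK sub-technique IDs are my own assumptions about how each signature is typically detected; the event records are constructed for illustration.

```python
"""Map the behaviours the sandbox report lists to host artifacts and flag them
in Sysmon-style events.  Added example, not part of the report or its tooling.
EventID 13 = RegistryEvent (value set), EventID 11 = FileCreate.  The path
patterns and the ATT&CK sub-technique IDs are assumptions about how each
signature is usually evidenced; the sample events below are constructed."""
import re


def _not_default_exefile(details):
    # The clean (Default) value of exefile\shell\open\command is "%1" %* .
    # Any other value routes every .exe launch through the attacker's command:
    # the "executable filetype association" signature.
    return details.strip() != '"%1" %*'


def _dword_is(expected):
    # Sysmon renders REG_DWORD data as 'DWORD (0x00000001)'.
    def check(details):
        m = re.fullmatch(r"DWORD \(0x([0-9A-Fa-f]{8})\)", details.strip())
        return m is not None and int(m.group(1), 16) == expected
    return check


# (report signature, ATT&CK technique, TargetObject pattern, data check)
REGISTRY_RULES = [
    ("Modifies system executable filetype association", "T1546.001",
     re.compile(r"\\exefile\\shell\\open\\command(\\\(Default\))?$", re.I),
     _not_default_exefile),
    ("Modifies visibility of file extensions in Explorer", "T1564.001",
     re.compile(r"\\Explorer\\Advanced\\HideFileExt$", re.I),
     _dword_is(1)),                     # 1 = hide extensions ("x.txt.exe")
    ("Disables use of System Restore points", "T1490",
     re.compile(r"\\SystemRestore\\(DisableSR|DisableConfig)$", re.I),
     _dword_is(1)),
    ("Adds Run key to start application", "T1547.001",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I),
     lambda details: True),
]

# (report signature, ATT&CK technique, TargetFilename pattern)
FILE_RULES = [
    ("Drops autorun.inf file", "T1091",
     re.compile(r"^[A-Z]:\\autorun\.inf$", re.I)),   # root of a volume only
]


def triage(events):
    """Return one finding per event that matches a rule, in event order."""
    findings = []
    for ev in events:
        if ev["EventID"] == 13:
            target, data = ev["TargetObject"], ev.get("Details", "")
            for sig, tech, pat, check in REGISTRY_RULES:
                if pat.search(target) and check(data):
                    findings.append({"signature": sig, "technique": tech,
                                     "image": ev["Image"],
                                     "evidence": f"{target} = {data}"})
        elif ev["EventID"] == 11:
            target = ev["TargetFilename"]
            for sig, tech, pat in FILE_RULES:
                if pat.search(target):
                    findings.append({"signature": sig, "technique": tech,
                                     "image": ev["Image"], "evidence": target})
    return findings


def attack_techniques(findings):
    """Sorted, de-duplicated technique IDs, i.e. a minimal ATT&CK matrix."""
    return sorted({f["technique"] for f in findings})


# Constructed sample events (not real telemetry).  Event 2 and event 7 are
# benign controls that must not fire.
_BAD = r"C:\Users\victim\AppData\Roaming\svchost.exe"
_HKU = r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": _BAD,
     "TargetObject": r"HKLM\SOFTWARE\Classes\exefile\shell\open\command\(Default)",
     "Details": f'"{_BAD}" "%1" %*'},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Classes\exefile\shell\open\command\(Default)",
     "Details": '"%1" %*'},
    {"EventID": 13, "Image": _BAD,
     "TargetObject": _HKU + r"\Explorer\Advanced\HideFileExt",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": _BAD,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": _BAD,
     "TargetObject": _HKU + r"\Run\svchost", "Details": _BAD},
    {"EventID": 11, "Image": _BAD, "TargetFilename": r"E:\autorun.inf"},
    {"EventID": 11, "Image": _BAD,
     "TargetFilename": r"C:\Users\victim\Documents\notes.txt"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f['technique']}] {f['signature']}: {f['evidence']}")
    print("techniques:", ", ".join(attack_techniques(triage(SAMPLE_EVENTS))))
```

Two caveats a triager should keep in mind: HideFileExt=1 is also the Windows default, so that rule only carries weight when the writing process is something other than Explorer or the settings UI (the finding records the image for exactly that reason), and the exefile rule deliberately ignores writes that restore the clean `"%1" %*` value, since that is what cleanup tools do. The desktop.ini and System32 drops the report also lists are left out here because they are common in benign activity and need context (which directory, which process) to be meaningful.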
MITRE ATT&CK Matrix (ATT&CK v6 technique IDs)

  Tactic             Technique                               Signatures  ID
  Initial Access     Replication Through Removable Media     1           T1091
  Persistence        Change Default File Association         1           T1042
  Persistence        Hidden Files and Directories            1           T1158
  Persistence        Registry Run Keys / Startup Folder      1           T1060
  Defense Evasion    Modify Registry                         3           T1112
  Defense Evasion    Hidden Files and Directories            1           T1158
  Discovery          Query Registry                          1           T1012
  Discovery          Peripheral Device Discovery             1           T1120
  Discovery          System Information Discovery            2           T1082
  Lateral Movement   Replication Through Removable Media     1           T1091
  Impact             Inhibit System Recovery                 1           T1490

  The IDs above follow ATT&CK v6. In the current framework T1042 is T1546.001 (Event Triggered Execution: Change Default File Association), T1158 is T1564.001 (Hide Artifacts: Hidden Files and Directories) and T1060 is T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder); the other IDs are unchanged.

Tasks