Overview

overview

7

Static

static

d9dc7faf71...d0.exe

windows7-x64

7

d9dc7faf71...d0.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d9dc7faf71de495d022c8ea2be4eb2a7425e26706039c29411239ac1b36592d0

  • Size

    136KB

  • Sample

    221127-r7hrcsad9v

  • MD5

    f9cfee17ce6b109f7ed19aa3f720a986

  • SHA1

    ef37411f66861fcfafbca78ebef821a16f16665a

  • SHA256

    d9dc7faf71de495d022c8ea2be4eb2a7425e26706039c29411239ac1b36592d0

  • SHA512

    ee1a2322a9505ab6166f02f997193e75b662b233cf52f7d90d261aaac90c6706afe47368a1fe74396df99e0f551798f126541609faab87792f0d6cb797ead030

  • SSDEEP

    3072:CKXR/jtaBTpdgUvxK3hamokNXov6A8IxfGTngHzvLd0scU:CKBBMTp830CNYv6APGTgHzzd0q

Score
7/10
persistence

Malware Config

Targets

    • Target

      d9dc7faf71de495d022c8ea2be4eb2a7425e26706039c29411239ac1b36592d0

    • Size

      136KB

    • MD5

      f9cfee17ce6b109f7ed19aa3f720a986

    • SHA1

      ef37411f66861fcfafbca78ebef821a16f16665a

    • SHA256

      d9dc7faf71de495d022c8ea2be4eb2a7425e26706039c29411239ac1b36592d0

    • SHA512

      ee1a2322a9505ab6166f02f997193e75b662b233cf52f7d90d261aaac90c6706afe47368a1fe74396df99e0f551798f126541609faab87792f0d6cb797ead030

    • SSDEEP

      3072:CKXR/jtaBTpdgUvxK3hamokNXov6A8IxfGTngHzvLd0scU:CKBBMTp830CNYv6APGTgHzzd0q

    Score
    7/10
    persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks