Overview

overview

10

Static

static

f4af208dd1...db.exe

windows7-x64

10

f4af208dd1...db.exe

windows10-2004-x64

5

Sharing

Copy URL Twitter E-mail

General

  • Target

    f4af208dd1f9a16b52b1528053f6ac4773790352e9169d752bbc12ba5a987bdb

  • Size

    94KB

  • Sample

    221127-wbky3aah8s

  • MD5

    049585a4429990dcb28d90acd8825fda

  • SHA1

    7e6a869087bfc58625a9d6b580f004fa57478212

  • SHA256

    f4af208dd1f9a16b52b1528053f6ac4773790352e9169d752bbc12ba5a987bdb

  • SHA512

    57ce9c346ddbac1ae76add5423fb31beb241684302a34e503156ca2f07543cfbbf72ffd1da1915d4745fe6aaa632926fc5e21af49e38193796523fc3222351f9

  • SSDEEP

    1536:Rsxs5txG0G8wDEJXfj0vF8U76cxMyWSqU6GfwVwgCWBTeWvShQ+z5iN8zQkJRQyo:SxiLbL+lxMyWSqU6GfwVwg1BTeWvShQJ

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      f4af208dd1f9a16b52b1528053f6ac4773790352e9169d752bbc12ba5a987bdb

    • Size

      94KB

    • MD5

      049585a4429990dcb28d90acd8825fda

    • SHA1

      7e6a869087bfc58625a9d6b580f004fa57478212

    • SHA256

      f4af208dd1f9a16b52b1528053f6ac4773790352e9169d752bbc12ba5a987bdb

    • SHA512

      57ce9c346ddbac1ae76add5423fb31beb241684302a34e503156ca2f07543cfbbf72ffd1da1915d4745fe6aaa632926fc5e21af49e38193796523fc3222351f9

    • SSDEEP

      1536:Rsxs5txG0G8wDEJXfj0vF8U76cxMyWSqU6GfwVwgCWBTeWvShQ+z5iN8zQkJRQyo:SxiLbL+lxMyWSqU6GfwVwg1BTeWvShQJ

    Score
    10/10
    evasionpersistencetrojan

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • UAC bypass

      evasiontrojan

    • Adds policy Run key to start application

      persistence

    • Blocklisted process makes network request

    • Disables taskbar notifications via registry modification

      evasion

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks