b8aabf06b24bbe456032078618dd1be2908431fcbaedf3bb517bdfc46efcb89b | Triage

Submit
Reports

Overview

overview

Static

static

b8aabf06b2...9b.exe

windows7-x64

b8aabf06b2...9b.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

b8aabf06b24bbe456032078618dd1be2908431fcbaedf3bb517bdfc46efcb89b
Size

45KB
Sample

221129-d9vl2scb27
MD5

051b8b899820d413ff6e1864254fd2c8
SHA1

547183fc5cffa8e23244c71029161ba46cf8747d
SHA256

b8aabf06b24bbe456032078618dd1be2908431fcbaedf3bb517bdfc46efcb89b
SHA512

c2b2a6a47bb65c39b802f05e37a393d5e98e1652d91f092d65d1e81280bc014e084b8bc688fa3ad8bed4f37dd9b438826cbf6b2db6d0b8a3a85535bfc1cbf964
SSDEEP

768:E1AuwHyeFo6NPIFAoslbf8eRYLGXdoIFbb5omuKWcbsvwnoT9D88888888888JXv:EOxyeFo6NPCAosxYyXdF5oy3VoKv

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

b8aabf06b24bbe456032078618dd1be2908431fcbaedf3bb517bdfc46efcb89b.exe

Resource

win7-20220901-en

evasion persistence

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

b8aabf06b24bbe456032078618dd1be2908431fcbaedf3bb517bdfc46efcb89b.exe

Resource

win10v2004-20221111-en

evasion persistence

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  b8aabf06b24bbe456032078618dd1be2908431fcbaedf3bb517bdfc46efcb89b
- Size
  
  45KB
- MD5
  
  051b8b899820d413ff6e1864254fd2c8
- SHA1
  
  547183fc5cffa8e23244c71029161ba46cf8747d
- SHA256
  
  b8aabf06b24bbe456032078618dd1be2908431fcbaedf3bb517bdfc46efcb89b
- SHA512
  
  c2b2a6a47bb65c39b802f05e37a393d5e98e1652d91f092d65d1e81280bc014e084b8bc688fa3ad8bed4f37dd9b438826cbf6b2db6d0b8a3a85535bfc1cbf964
- SSDEEP
  
  768:E1AuwHyeFo6NPIFAoslbf8eRYLGXdoIFbb5omuKWcbsvwnoT9D88888888888JXv:EOxyeFo6NPCAosxYyXdF5oy3VoKv
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy