General

  • Target

    f1b684bd06a5534075401cb77ccb78d2415b4745c83670488d97e6bd0d15c89d

  • Size

    116KB

  • Sample

    221201-2epz3sbf8y

  • MD5

    1569dc95102fc5ae8a11e93bcde2e3d0

  • SHA1

    7a00fe2683b19bf48d22cd78692526211e88081f

  • SHA256

    f1b684bd06a5534075401cb77ccb78d2415b4745c83670488d97e6bd0d15c89d

  • SHA512

    fc6116b842ba4fc7de4066537ea01fc4348866af3fe42b07c609e7357791217065a9eca479c0115c0fa9deade637abe5cca993028f55d2abfa8df4cc5ed96ead

  • SSDEEP

    3072:0vt9PMgsBapRyr2cdaxnyMx/6SYl7kaG7cX2P:W9kgs4g6ryybqu

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks