General

  • Target

    f64a976ce5eb05c392b3c309a091dc1094e68095d54ccbc9980558832c03837f

  • Size

    112KB

  • Sample

    221202-gz8byadh6t

  • MD5

    0afcd76cf4b9a63151f8b53e43cc0490

  • SHA1

    033e1b73bb4df2884992457487c3a96f4c1c4324

  • SHA256

    f64a976ce5eb05c392b3c309a091dc1094e68095d54ccbc9980558832c03837f

  • SHA512

    d12a0f14480bb96d6898b2515cc73b4fa3cfab841b7850788eb54c77c58b7f6d7a688bf4bea088824acc15e2f92819f3648c937b425d7e54b4bb2080f3451833

  • SSDEEP

    1536:wau2N2A09fhVJf9V4T86SIQvZ2fG9X9/U/Z/z95Cto4mfuIj3IPukbJ6v60:wFHJf9VgSIQBgAN/UV94o4mfuBbJ6v60

Score
10/10

Targets

    Score
    10/10

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

      Setting another thread's context is a common step in process hollowing and other code-injection techniques; on its own it is a heuristic hit, not proof of injection.
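
The registry and autorun.inf behaviours in the signature list above, as an added triage example that is not part of this report and not code from the sample: it parses a constructed .reg export and a constructed autorun.inf (neither taken from the sample), flags the Explorer visibility change, the Run key entry and the GeoID a geofence check reads, and extracts what an autorun.inf would launch. The registry paths are the standard Windows locations; the value name `updater`, its path and `recycler\setup.exe` are invented for illustration.

```python
import re
from typing import Dict, List, Tuple

# Constructed .reg export (not from the analysed sample): the Explorer visibility values,
# a Run key and the Geo\Nation value a geofence check reads. "updater" and its path are invented.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\Users\\Public\\updater.exe"
[HKEY_CURRENT_USER\Control Panel\International\Geo]
"Nation"="244"
'''

# Constructed autorun.inf (not from the sample); recycler\setup.exe is invented.
SAMPLE_AUTORUN = r'''[autorun]
open=recycler\setup.exe
shell\open\command=recycler\setup.exe
'''

ADVANCED_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
RUN_KEYS = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
            r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run")
GEO_KEY = r"HKEY_CURRENT_USER\Control Panel\International\Geo"


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a .reg export into {key path: {value name: raw encoded value}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys


def decode_value(raw: str):
    """Decode the two .reg encodings used here: dword:XXXXXXXX and "escaped string"."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return raw


def triage_registry(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Flag the registry effects from the signature list, tagged with ATT&CK v6 IDs."""
    findings: List[Tuple[str, str]] = []
    adv = keys.get(ADVANCED_KEY, {})
    # Hidden=2 hides hidden files; ShowSuperHidden=0 hides protected OS files.
    if "Hidden" in adv and decode_value(adv["Hidden"]) == 2:
        findings.append(("T1158", "Explorer Hidden=2: hidden files not shown"))
    if "ShowSuperHidden" in adv and decode_value(adv["ShowSuperHidden"]) == 0:
        findings.append(("T1158", "Explorer ShowSuperHidden=0: protected OS files not shown"))
    for run_key in RUN_KEYS:  # every value under a Run key is an autostart entry
        for name, raw in keys.get(run_key, {}).items():
            findings.append(("T1060", f"Run value {name} -> {decode_value(raw)}"))
    nation = keys.get(GEO_KEY, {}).get("Nation")  # GeoID a geofence check reads
    if nation is not None:
        findings.append(("T1012", f"Geo\\Nation = {decode_value(nation)}"))
    return findings


def parse_autorun_inf(text: str) -> Dict[str, str]:
    """Return the [autorun] section directives, keys lower-cased; other sections ignored."""
    directives: Dict[str, str] = {}
    in_autorun = False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line.lower() == "[autorun]"
        elif in_autorun and "=" in line:
            key, value = line.split("=", 1)
            directives[key.strip().lower()] = value.strip()
    return directives


def autorun_launch_targets(directives: Dict[str, str]) -> List[str]:
    """Executables autorun.inf would launch: open=, shellexecute=, shell\\<verb>\\command=."""
    targets = set()
    for key, value in directives.items():
        verb_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or verb_cmd:
            targets.add(value)
    return sorted(targets)


if __name__ == "__main__":
    for tech, msg in triage_registry(parse_reg_export(SAMPLE_REG)):
        print(tech, msg)
    print("autorun.inf launches:", autorun_launch_targets(parse_autorun_inf(SAMPLE_AUTORUN)))
```

On a real case, feed the output of `reg export` from the infected host or the sandbox's registry diff into `parse_reg_export`, and run `parse_autorun_inf` over every autorun.inf found on attached volumes; the launch target is what to hash and hunt for across other removable media.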

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                             Count  ID
  Initial Access     Replication Through Removable Media   1      T1091
  Persistence        Hidden Files and Directories          1      T1158
  Persistence        Registry Run Keys / Startup Folder    1      T1060
  Defense Evasion    Hidden Files and Directories          1      T1158
  Defense Evasion    Modify Registry                       2      T1112
  Discovery          Query Registry                        2      T1012
  Discovery          System Information Discovery          3      T1082
  Discovery          Peripheral Device Discovery           1      T1120
  Lateral Movement   Replication Through Removable Media   1      T1091

  Count is the number of matched signatures mapped to each technique. The IDs are ATT&CK v6; in current ATT&CK, T1158 corresponds to T1564.001 (Hide Artifacts: Hidden Files and Directories) and T1060 to T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder).
