General

  • Target

    911ba7c1f233d63372985660acd8efdd19bf8de0d1d53020e8e6436df2fd41ed

  • Size

    159KB

  • Sample

    221203-bx8l2adb83

  • MD5

    147de5395a3a08d007ab122d380aea50

  • SHA1

    0ac2316c1df5a800413211f26f23462c6bd58e1c

  • SHA256

    911ba7c1f233d63372985660acd8efdd19bf8de0d1d53020e8e6436df2fd41ed

  • SHA512

    308a5c83ac9a27e28fe35a74dc1f379093e83f7ab3d4090c599d079421f71cb0285e7126db7f35b03914f71ca8f43edc922654c3405cfa98cbb2cc8eedbed92a

  • SSDEEP

    3072:iJUc+0h1L5y+TfQ41Gc3yKq0VNwnv4dmvor6mFH:1c+M1L5Tmc3Q2q4dWmp

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks