General

  • Target

    ce5f9e7ee66ebb6587c3f04d6e4a76e35816a3795413f28f7f91f9d2f79654c5

  • Size

    132KB

  • Sample

    221203-p15ansbf68

  • MD5

    fd58d7467acc9f1b5a9068f78b36e389

  • SHA1

    672226ff22ec881f520f5054507e132cce25f8be

  • SHA256

    ce5f9e7ee66ebb6587c3f04d6e4a76e35816a3795413f28f7f91f9d2f79654c5

  • SHA512

    51ced870ad901a45437611a493a1038f7c53b792080c5fca4b7a4c6b03a2a933c5af1c0f79cd18948e438d8737f1c0cb628480f41bb803ec9f5b31d829d8c7e7

  • SSDEEP

    768:p/raHM782f9rvs2Zg5nicskQzTGfxgzh3emu4v/eB4z7VP7LdGSu2HyTAzfMgTA1:p/roM7ZJfUQWgY54v

Score
10/10

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks