General

  • Target

    37ffbff02585167be5d15b28d167582ccff6a4c4e91d6519b666e94705b01453

  • Size

    159KB

  • Sample

    221204-h9f6wagg84

  • MD5

    379c0f41b4009fc49e744f5dc674c4e0

  • SHA1

    3c8fab753447206dd952602a28542e51fbbfdf53

  • SHA256

    37ffbff02585167be5d15b28d167582ccff6a4c4e91d6519b666e94705b01453

  • SHA512

    849c277060252e6329db287c3e957d0876ffbd1934d9788dc834f7a2952884a6c0362881bed855f275f8a948e245289acfdb4e9e303ff67cb7d944c038b83795

  • SSDEEP

    3072:p+62lAMZwIiWB937A8gMX5GyUzlnTrSLcorQHwn:QVuMZwsBJ578zNrSI6

Score
10/10

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
