General

  • Target

    be2f357f59aeb145829d1727ea7a0cd7d1f99e89486bfa5816a651294f65ce8a

  • Size

    73KB

  • Sample

    221205-h38bsacc2v

  • MD5

    2ebd05b5a1d018ee574d8d46df0fc7a6

  • SHA1

    a7108a9ff93a216ca7d94e70bd37be259cb58d45

  • SHA256

    be2f357f59aeb145829d1727ea7a0cd7d1f99e89486bfa5816a651294f65ce8a

  • SHA512

    80d69f16219beb09823588286fd3c0ab52e53f0af3630904d96576c78c0d0306de083249087e176198cab5e55f49ac05df04d0318cffc22eafded1a6ba493dee

  • SSDEEP

    1536:AZpibrjRkDgfnzFB9oCnyo2Vl8Eb3W7+ClJ6zL:A2brjRJfnJB3nyoWV3ilJk

Score
10/10

Targets

    • Target

      be2f357f59aeb145829d1727ea7a0cd7d1f99e89486bfa5816a651294f65ce8a

    • Modifies visibility of hidden/system files in Explorer

    • Disables use of System Restore points

    • Executes dropped EXE

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
