General

  • Target

    eb92acc37bb9cf1b404253d3b05a6fb30f22738e6659070b09ad3d6b034f82cb

  • Size

    123KB

  • Sample

    221207-cz3n8sag3y

  • MD5

    d991a2eca51b38bec4106c2eb23767e0

  • SHA1

    0a0dfb9f9fecab6dcce7016f23072c383f2930f0

  • SHA256

    eb92acc37bb9cf1b404253d3b05a6fb30f22738e6659070b09ad3d6b034f82cb

  • SHA512

    292f89e1abdfd58504722699f26be2b0fabf9fbcdc56de850371f54edaf6a12f61a448a363788a04dbc7bbd177f15c1b92ab7e07dea99b2c71d60d1c3a5ed217

  • SSDEEP

    3072:1gAPBxEos81SpfdfPCMSfUxj1T8wRnUl72:1xBxl1SpfGKrdH

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks